Aug 26 13:22:40.626058: FIPS Product: YES Aug 26 13:22:40.626140: FIPS Kernel: NO Aug 26 13:22:40.626142: FIPS Mode: NO Aug 26 13:22:40.626144: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:22:40.626280: Initializing NSS Aug 26 13:22:40.626286: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:22:40.649708: NSS initialized Aug 26 13:22:40.649724: NSS crypto library initialized Aug 26 13:22:40.649726: FIPS HMAC integrity support [enabled] Aug 26 13:22:40.649727: FIPS mode disabled for pluto daemon Aug 26 13:22:40.675528: FIPS HMAC integrity verification self-test FAILED Aug 26 13:22:40.675678: libcap-ng support [enabled] Aug 26 13:22:40.675684: Linux audit support [enabled] Aug 26 13:22:40.675961: Linux audit activated Aug 26 13:22:40.675967: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19911 Aug 26 13:22:40.675969: core dump dir: /var/tmp Aug 26 13:22:40.675970: secrets file: /etc/ipsec.secrets Aug 26 13:22:40.675972: leak-detective enabled Aug 26 13:22:40.675973: NSS crypto [enabled] Aug 26 13:22:40.675974: XAUTH PAM support [enabled] Aug 26 13:22:40.676028: | libevent is using pluto's memory allocator Aug 26 13:22:40.676033: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:22:40.676045: | libevent_malloc: new ptr-libevent@0x559d8e0b0a78 size 40 Aug 26 13:22:40.676049: | libevent_malloc: new ptr-libevent@0x559d8e0b09f8 size 40 Aug 26 13:22:40.676051: | libevent_malloc: new ptr-libevent@0x559d8e0b0978 size 40 Aug 26 13:22:40.676053: | creating event base Aug 26 13:22:40.676056: | libevent_malloc: new ptr-libevent@0x559d8e0a25a8 size 56 Aug 26 13:22:40.676059: | libevent_malloc: new ptr-libevent@0x559d8e023ce8 size 664 Aug 26 13:22:40.676068: | libevent_malloc: new ptr-libevent@0x559d8e0eb098 size 24 Aug 26 13:22:40.676070: | libevent_malloc: new ptr-libevent@0x559d8e0eb0e8 size 384 Aug 26 13:22:40.676078: | libevent_malloc: new ptr-libevent@0x559d8e0eb058 size 16 Aug 26 13:22:40.676079: | libevent_malloc: new ptr-libevent@0x559d8e0b08f8 size 40 Aug 26 13:22:40.676081: | libevent_malloc: new ptr-libevent@0x559d8e0b0878 size 48 Aug 26 13:22:40.676085: | libevent_realloc: new ptr-libevent@0x559d8e023978 size 256 Aug 26 13:22:40.676087: | libevent_malloc: new ptr-libevent@0x559d8e0eb298 size 16 Aug 26 13:22:40.676091: | libevent_free: release ptr-libevent@0x559d8e0a25a8 Aug 26 13:22:40.676093: | libevent initialized Aug 26 13:22:40.676096: | libevent_realloc: new ptr-libevent@0x559d8e0a25a8 size 64 Aug 26 13:22:40.676100: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:22:40.676110: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:22:40.676112: NAT-Traversal support [enabled] Aug 26 13:22:40.676114: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:22:40.676118: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:22:40.676121: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:22:40.676143: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:22:40.676145: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:22:40.676148: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:22:40.676181: Encryption algorithms: Aug 26 13:22:40.676185: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:22:40.676188: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:22:40.676190: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:22:40.676192: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:22:40.676194: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:22:40.676200: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:22:40.676203: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:22:40.676205: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:22:40.676207: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:22:40.676209: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:22:40.676212: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:22:40.676214: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:22:40.676216: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:22:40.676218: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:22:40.676221: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:22:40.676222: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:22:40.676224: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:22:40.676229: Hash algorithms: Aug 26 13:22:40.676231: MD5 IKEv1: IKE IKEv2: Aug 26 13:22:40.676233: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:22:40.676235: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:22:40.676236: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:22:40.676238: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:22:40.676249: PRF algorithms: Aug 26 13:22:40.676251: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:22:40.676253: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:22:40.676255: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:22:40.676257: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:22:40.676259: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:22:40.676261: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:22:40.676277: Integrity algorithms: Aug 26 13:22:40.676279: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:22:40.676282: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:22:40.676284: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:22:40.676286: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:22:40.676308: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:22:40.676315: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:22:40.676318: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:22:40.676321: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:22:40.676323: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:22:40.676343: DH algorithms: Aug 26 13:22:40.676345: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:22:40.676347: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:22:40.676349: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:22:40.676353: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:22:40.676355: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:22:40.676357: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:22:40.676358: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:22:40.676360: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:22:40.676362: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:22:40.676364: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:22:40.676366: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:22:40.676368: testing CAMELLIA_CBC: Aug 26 13:22:40.676370: Camellia: 16 bytes with 128-bit key Aug 26 13:22:40.676455: Camellia: 16 bytes with 128-bit key Aug 26 13:22:40.676474: Camellia: 16 bytes with 256-bit key Aug 26 13:22:40.676493: Camellia: 16 bytes with 256-bit key Aug 26 13:22:40.676510: testing AES_GCM_16: Aug 26 13:22:40.676512: empty string Aug 26 13:22:40.676530: one block Aug 26 13:22:40.676545: two blocks Aug 26 13:22:40.676561: two blocks with associated data Aug 26 13:22:40.676578: testing AES_CTR: Aug 26 13:22:40.676581: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:22:40.676597: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:22:40.676614: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:22:40.676633: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:22:40.676649: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:22:40.676665: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:22:40.676681: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:22:40.676697: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:22:40.676713: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:22:40.676730: testing AES_CBC: Aug 26 13:22:40.676732: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:22:40.676748: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:22:40.676766: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:22:40.676782: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:22:40.676802: testing AES_XCBC: Aug 26 13:22:40.676804: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:22:40.676875: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:22:40.676952: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:22:40.677028: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:22:40.677102: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:22:40.677176: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:22:40.677253: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:22:40.677456: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:22:40.677536: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:22:40.677617: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:22:40.677758: testing HMAC_MD5: Aug 26 13:22:40.677760: RFC 2104: MD5_HMAC test 1 Aug 26 13:22:40.677890: RFC 2104: MD5_HMAC test 2 Aug 26 13:22:40.677981: RFC 2104: MD5_HMAC test 3 Aug 26 13:22:40.678128: 8 CPU cores online Aug 26 13:22:40.678131: starting up 7 crypto helpers Aug 26 13:22:40.678157: started thread for crypto helper 0 Aug 26 13:22:40.678183: | starting up helper thread 0 Aug 26 13:22:40.678196: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:22:40.678198: | crypto helper 0 waiting (nothing to do) Aug 26 13:22:40.678281: started thread for crypto helper 1 Aug 26 13:22:40.678284: | starting up helper thread 1 Aug 26 13:22:40.678308: started thread for crypto helper 2 Aug 26 13:22:40.678309: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:22:40.678314: | starting up helper thread 2 Aug 26 13:22:40.678334: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:22:40.678340: | starting up helper thread 3 Aug 26 13:22:40.678359: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:22:40.678325: | crypto helper 1 waiting (nothing to do) Aug 26 13:22:40.678336: started thread for crypto helper 3 Aug 26 13:22:40.678435: | crypto helper 2 waiting (nothing to do) Aug 26 13:22:40.678448: | crypto helper 3 waiting (nothing to do) Aug 26 13:22:40.678462: | starting up helper thread 4 Aug 26 13:22:40.678450: started thread for crypto helper 4 Aug 26 13:22:40.678475: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:22:40.678541: started thread for crypto helper 5 Aug 26 13:22:40.678545: | starting up helper thread 5 Aug 26 13:22:40.678563: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:22:40.678549: | crypto helper 4 waiting (nothing to do) Aug 26 13:22:40.678571: started thread for crypto helper 6 Aug 26 13:22:40.678575: | crypto helper 5 waiting (nothing to do) Aug 26 13:22:40.678585: | starting up helper thread 6 Aug 26 13:22:40.678605: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:22:40.678608: | crypto helper 6 waiting (nothing to do) Aug 26 13:22:40.678575: | checking IKEv1 state table Aug 26 13:22:40.678645: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678650: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:22:40.678652: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678653: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:22:40.678655: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:22:40.678657: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:22:40.678658: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:22:40.678660: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:22:40.678662: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:22:40.678663: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:22:40.678665: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:22:40.678666: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:22:40.678668: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:22:40.678669: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:22:40.678671: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:22:40.678672: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:22:40.678674: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:22:40.678676: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:22:40.678677: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:22:40.678679: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:22:40.678680: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:22:40.678682: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678684: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:22:40.678685: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678687: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678688: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:22:40.678690: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678692: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:22:40.678693: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:22:40.678695: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:22:40.678696: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:22:40.678698: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:22:40.678699: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:22:40.678701: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678703: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:22:40.678704: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678706: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:22:40.678707: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:22:40.678712: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:22:40.678714: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:22:40.678715: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:22:40.678717: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:22:40.678719: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:22:40.678720: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678722: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:22:40.678723: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678725: | INFO: category: informational flags: 0: Aug 26 13:22:40.678727: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678728: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:22:40.678730: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678732: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:22:40.678733: | -> XAUTH_R1 EVENT_NULL Aug 26 13:22:40.678735: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:22:40.678736: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:22:40.678738: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:22:40.678740: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:22:40.678741: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:22:40.678743: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:22:40.678745: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:22:40.678746: | -> UNDEFINED EVENT_NULL Aug 26 13:22:40.678748: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:22:40.678749: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:22:40.678751: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:22:40.678753: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:22:40.678754: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:22:40.678756: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:22:40.678761: | checking IKEv2 state table Aug 26 13:22:40.678765: | PARENT_I0: category: ignore flags: 0: Aug 26 13:22:40.678767: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:22:40.678769: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678771: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:22:40.678773: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:22:40.678775: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:22:40.678777: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:22:40.678779: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:22:40.678781: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:22:40.678782: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:22:40.678784: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:22:40.678786: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:22:40.678788: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:22:40.678789: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:22:40.678791: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:22:40.678793: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:22:40.678794: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678796: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:22:40.678798: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:22:40.678800: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:22:40.678802: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:22:40.678803: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:22:40.678806: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:22:40.678808: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:22:40.678810: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:22:40.678811: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:22:40.678813: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:22:40.678815: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:22:40.678817: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:22:40.678819: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:22:40.678820: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:22:40.678822: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:22:40.678824: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:22:40.678826: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:22:40.678828: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:22:40.678830: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:22:40.678831: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:22:40.678833: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:22:40.678835: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:22:40.678837: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:22:40.678839: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:22:40.678840: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:22:40.678842: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:22:40.678844: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:22:40.678846: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:22:40.678848: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:22:40.678849: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:22:40.678860: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:22:40.679150: | Hard-wiring algorithms Aug 26 13:22:40.679153: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:22:40.679156: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:22:40.679158: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:22:40.679160: | adding 3DES_CBC to kernel algorithm db Aug 26 13:22:40.679161: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:22:40.679163: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:22:40.679165: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:22:40.679166: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:22:40.679168: | adding AES_CTR to kernel algorithm db Aug 26 13:22:40.679170: | adding AES_CBC to kernel algorithm db Aug 26 13:22:40.679171: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:22:40.679173: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:22:40.679175: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:22:40.679177: | adding NULL to kernel algorithm db Aug 26 13:22:40.679178: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:22:40.679180: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:22:40.679182: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:22:40.679184: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:22:40.679185: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:22:40.679187: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:22:40.679189: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:22:40.679190: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:22:40.679192: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:22:40.679193: | adding NONE to kernel algorithm db Aug 26 13:22:40.679211: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:22:40.679215: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:22:40.679217: | setup kernel fd callback Aug 26 13:22:40.679219: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x559d8e0aa798 Aug 26 13:22:40.679222: | libevent_malloc: new ptr-libevent@0x559d8e0e9808 size 128 Aug 26 13:22:40.679224: | libevent_malloc: new ptr-libevent@0x559d8e0f0898 size 16 Aug 26 13:22:40.679229: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x559d8e0f0828 Aug 26 13:22:40.679232: | libevent_malloc: new ptr-libevent@0x559d8e0a3258 size 128 Aug 26 13:22:40.679234: | libevent_malloc: new ptr-libevent@0x559d8e0f04f8 size 16 Aug 26 13:22:40.679389: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:22:40.679399: selinux support is enabled. Aug 26 13:22:40.679886: | unbound context created - setting debug level to 5 Aug 26 13:22:40.679906: | /etc/hosts lookups activated Aug 26 13:22:40.679919: | /etc/resolv.conf usage activated Aug 26 13:22:40.679955: | outgoing-port-avoid set 0-65535 Aug 26 13:22:40.679972: | outgoing-port-permit set 32768-60999 Aug 26 13:22:40.679975: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:22:40.679977: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:22:40.679979: | Setting up events, loop start Aug 26 13:22:40.679981: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x559d8e0f0cc8 Aug 26 13:22:40.679983: | libevent_malloc: new ptr-libevent@0x559d8e0fc738 size 128 Aug 26 13:22:40.679986: | libevent_malloc: new ptr-libevent@0x559d8e107a28 size 16 Aug 26 13:22:40.679991: | libevent_realloc: new ptr-libevent@0x559d8e107a68 size 256 Aug 26 13:22:40.679993: | libevent_malloc: new ptr-libevent@0x559d8e107b98 size 8 Aug 26 13:22:40.679995: | libevent_realloc: new ptr-libevent@0x559d8e107bd8 size 144 Aug 26 13:22:40.679996: | libevent_malloc: new ptr-libevent@0x559d8e0aed68 size 152 Aug 26 13:22:40.679999: | libevent_malloc: new ptr-libevent@0x559d8e107c98 size 16 Aug 26 13:22:40.680002: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:22:40.680004: | libevent_malloc: new ptr-libevent@0x559d8e107cd8 size 8 Aug 26 13:22:40.680005: | libevent_malloc: new ptr-libevent@0x559d8e0240d8 size 152 Aug 26 13:22:40.680007: | signal event handler PLUTO_SIGTERM installed Aug 26 13:22:40.680009: | libevent_malloc: new ptr-libevent@0x559d8e107d18 size 8 Aug 26 13:22:40.680011: | libevent_malloc: new ptr-libevent@0x559d8e02f6f8 size 152 Aug 26 13:22:40.680013: | signal event handler PLUTO_SIGHUP installed Aug 26 13:22:40.680015: | libevent_malloc: new ptr-libevent@0x559d8e107d58 size 8 Aug 26 13:22:40.680017: | libevent_realloc: release ptr-libevent@0x559d8e107bd8 Aug 26 13:22:40.680018: | libevent_realloc: new ptr-libevent@0x559d8e107d98 size 256 Aug 26 13:22:40.680020: | libevent_malloc: new ptr-libevent@0x559d8e027378 size 152 Aug 26 13:22:40.680022: | signal event handler PLUTO_SIGSYS installed Aug 26 13:22:40.680285: | created addconn helper (pid:19952) using fork+execve Aug 26 13:22:40.680307: | forked child 19952 Aug 26 13:22:40.683409: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:40.683557: listening for IKE messages Aug 26 13:22:40.683837: | Inspecting interface lo Aug 26 13:22:40.683843: | found lo with address 127.0.0.1 Aug 26 13:22:40.683847: | Inspecting interface eth0 Aug 26 13:22:40.683850: | found eth0 with address 192.0.2.254 Aug 26 13:22:40.683852: | Inspecting interface eth1 Aug 26 13:22:40.683855: | found eth1 with address 192.1.2.23 Aug 26 13:22:40.683926: Kernel supports NIC esp-hw-offload Aug 26 13:22:40.683934: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:22:40.683995: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:22:40.683999: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:22:40.684001: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:22:40.684038: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:22:40.684054: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:22:40.684057: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:22:40.684059: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:22:40.684077: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:22:40.684092: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:22:40.684095: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:22:40.684097: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:22:40.684155: | no interfaces to sort Aug 26 13:22:40.684159: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:22:40.684164: | add_fd_read_event_handler: new ethX-pe@0x559d8e108358 Aug 26 13:22:40.684167: | libevent_malloc: new ptr-libevent@0x559d8e0fc688 size 128 Aug 26 13:22:40.684170: | libevent_malloc: new ptr-libevent@0x559d8e1083c8 size 16 Aug 26 13:22:40.684175: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:22:40.684177: | add_fd_read_event_handler: new ethX-pe@0x559d8e108408 Aug 26 13:22:40.684180: | libevent_malloc: new ptr-libevent@0x559d8e0a3308 size 128 Aug 26 13:22:40.684182: | libevent_malloc: new ptr-libevent@0x559d8e108478 size 16 Aug 26 13:22:40.684185: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:22:40.684186: | add_fd_read_event_handler: new ethX-pe@0x559d8e1084b8 Aug 26 13:22:40.684189: | libevent_malloc: new ptr-libevent@0x559d8e0a2c28 size 128 Aug 26 13:22:40.684191: | libevent_malloc: new ptr-libevent@0x559d8e108528 size 16 Aug 26 13:22:40.684194: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:22:40.684196: | add_fd_read_event_handler: new ethX-pe@0x559d8e108568 Aug 26 13:22:40.684198: | libevent_malloc: new ptr-libevent@0x559d8e0aa4e8 size 128 Aug 26 13:22:40.684200: | libevent_malloc: new ptr-libevent@0x559d8e1085d8 size 16 Aug 26 13:22:40.684203: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:22:40.684204: | add_fd_read_event_handler: new ethX-pe@0x559d8e108618 Aug 26 13:22:40.684206: | libevent_malloc: new ptr-libevent@0x559d8e0aa5e8 size 128 Aug 26 13:22:40.684208: | libevent_malloc: new ptr-libevent@0x559d8e108688 size 16 Aug 26 13:22:40.684211: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:22:40.684212: | add_fd_read_event_handler: new ethX-pe@0x559d8e1086c8 Aug 26 13:22:40.684214: | libevent_malloc: new ptr-libevent@0x559d8e0aa6e8 size 128 Aug 26 13:22:40.684216: | libevent_malloc: new ptr-libevent@0x559d8e108738 size 16 Aug 26 13:22:40.684219: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:22:40.684222: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:22:40.684224: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:22:40.684239: loading secrets from "/etc/ipsec.secrets" Aug 26 13:22:40.684250: | saving Modulus Aug 26 13:22:40.684253: | saving PublicExponent Aug 26 13:22:40.684255: | ignoring PrivateExponent Aug 26 13:22:40.684257: | ignoring Prime1 Aug 26 13:22:40.684259: | ignoring Prime2 Aug 26 13:22:40.684261: | ignoring Exponent1 Aug 26 13:22:40.684263: | ignoring Exponent2 Aug 26 13:22:40.684266: | ignoring Coefficient Aug 26 13:22:40.684268: | ignoring CKAIDNSS Aug 26 13:22:40.684303: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:22:40.684308: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:22:40.684311: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:22:40.684318: | certs and keys locked by 'process_secret' Aug 26 13:22:40.684321: | certs and keys unlocked by 'process_secret' Aug 26 13:22:40.684328: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:40.684334: | spent 0.944 milliseconds in whack Aug 26 13:22:40.698259: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:40.698281: listening for IKE messages Aug 26 13:22:40.698316: | Inspecting interface lo Aug 26 13:22:40.698324: | found lo with address 127.0.0.1 Aug 26 13:22:40.698326: | Inspecting interface eth0 Aug 26 13:22:40.698329: | found eth0 with address 192.0.2.254 Aug 26 13:22:40.698331: | Inspecting interface eth1 Aug 26 13:22:40.698334: | found eth1 with address 192.1.2.23 Aug 26 13:22:40.698376: | no interfaces to sort Aug 26 13:22:40.698383: | libevent_free: release ptr-libevent@0x559d8e0fc688 Aug 26 13:22:40.698385: | free_event_entry: release EVENT_NULL-pe@0x559d8e108358 Aug 26 13:22:40.698387: | add_fd_read_event_handler: new ethX-pe@0x559d8e108358 Aug 26 13:22:40.698390: | libevent_malloc: new ptr-libevent@0x559d8e0fc688 size 128 Aug 26 13:22:40.698397: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:22:40.698401: | libevent_free: release ptr-libevent@0x559d8e0a3308 Aug 26 13:22:40.698404: | free_event_entry: release EVENT_NULL-pe@0x559d8e108408 Aug 26 13:22:40.698407: | add_fd_read_event_handler: new ethX-pe@0x559d8e108408 Aug 26 13:22:40.698410: | libevent_malloc: new ptr-libevent@0x559d8e0a3308 size 128 Aug 26 13:22:40.698415: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:22:40.698432: | libevent_free: release ptr-libevent@0x559d8e0a2c28 Aug 26 13:22:40.698435: | free_event_entry: release EVENT_NULL-pe@0x559d8e1084b8 Aug 26 13:22:40.698438: | add_fd_read_event_handler: new ethX-pe@0x559d8e1084b8 Aug 26 13:22:40.698441: | libevent_malloc: new ptr-libevent@0x559d8e0a2c28 size 128 Aug 26 13:22:40.698445: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:22:40.698449: | libevent_free: release ptr-libevent@0x559d8e0aa4e8 Aug 26 13:22:40.698452: | free_event_entry: release EVENT_NULL-pe@0x559d8e108568 Aug 26 13:22:40.698455: | add_fd_read_event_handler: new ethX-pe@0x559d8e108568 Aug 26 13:22:40.698472: | libevent_malloc: new ptr-libevent@0x559d8e0aa4e8 size 128 Aug 26 13:22:40.698477: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:22:40.698480: | libevent_free: release ptr-libevent@0x559d8e0aa5e8 Aug 26 13:22:40.698482: | free_event_entry: release EVENT_NULL-pe@0x559d8e108618 Aug 26 13:22:40.698483: | add_fd_read_event_handler: new ethX-pe@0x559d8e108618 Aug 26 13:22:40.698485: | libevent_malloc: new ptr-libevent@0x559d8e0aa5e8 size 128 Aug 26 13:22:40.698488: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:22:40.698490: | libevent_free: release ptr-libevent@0x559d8e0aa6e8 Aug 26 13:22:40.698492: | free_event_entry: release EVENT_NULL-pe@0x559d8e1086c8 Aug 26 13:22:40.698494: | add_fd_read_event_handler: new ethX-pe@0x559d8e1086c8 Aug 26 13:22:40.698495: | libevent_malloc: new ptr-libevent@0x559d8e0aa6e8 size 128 Aug 26 13:22:40.698498: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:22:40.698501: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:22:40.698502: forgetting secrets Aug 26 13:22:40.698509: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:22:40.698521: loading secrets from "/etc/ipsec.secrets" Aug 26 13:22:40.698531: | saving Modulus Aug 26 13:22:40.698534: | saving PublicExponent Aug 26 13:22:40.698536: | ignoring PrivateExponent Aug 26 13:22:40.698538: | ignoring Prime1 Aug 26 13:22:40.698540: | ignoring Prime2 Aug 26 13:22:40.698542: | ignoring Exponent1 Aug 26 13:22:40.698544: | ignoring Exponent2 Aug 26 13:22:40.698546: | ignoring Coefficient Aug 26 13:22:40.698548: | ignoring CKAIDNSS Aug 26 13:22:40.698565: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:22:40.698567: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:22:40.698569: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:22:40.698574: | certs and keys locked by 'process_secret' Aug 26 13:22:40.698576: | certs and keys unlocked by 'process_secret' Aug 26 13:22:40.698583: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:40.698589: | spent 0.334 milliseconds in whack Aug 26 13:22:40.699071: | processing signal PLUTO_SIGCHLD Aug 26 13:22:40.699085: | waitpid returned pid 19952 (exited with status 0) Aug 26 13:22:40.699093: | reaped addconn helper child (status 0) Aug 26 13:22:40.699097: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:40.699101: | spent 0.0206 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:40.758960: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:40.758979: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:22:40.758982: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:22:40.758984: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:22:40.758985: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:22:40.758989: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:22:40.758994: | Added new connection rw-east-pool-x509-ipv4 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:22:40.758996: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:22:40.759035: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Aug 26 13:22:40.759038: | from whack: got --esp= Aug 26 13:22:40.759060: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Aug 26 13:22:40.759064: | counting wild cards for %fromcert is 0 Aug 26 13:22:40.759510: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:22:40.759523: | loading right certificate 'east' pubkey Aug 26 13:22:40.759598: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e10bdb8 Aug 26 13:22:40.759602: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e10bd68 Aug 26 13:22:40.759604: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e10bd18 Aug 26 13:22:40.759606: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e10ba68 Aug 26 13:22:40.759607: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e10ba18 Aug 26 13:22:40.759755: | unreference key: 0x559d8e10be08 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:40.759874: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:22:40.759878: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:22:40.759883: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:22:40.759887: | add new addresspool to global pools 192.0.2.100-192.0.2.199 size 100 ptr 0x559d8e107ec8 Aug 26 13:22:40.759890: | based upon policy, the connection is a template. Aug 26 13:22:40.759893: | reference addresspool of conn rw-east-pool-x509-ipv4[0] kind CK_TEMPLATE refcnt 0 Aug 26 13:22:40.759897: | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none Aug 26 13:22:40.759899: | new hp@0x559d8e10bd18 Aug 26 13:22:40.759902: added connection description "rw-east-pool-x509-ipv4" Aug 26 13:22:40.759910: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:22:40.759920: | 0.0.0.0/0===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+S=C]...%any[%fromcert,+MC+S=C] Aug 26 13:22:40.759926: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:40.759930: | spent 0.974 milliseconds in whack Aug 26 13:22:42.896799: | spent 0.0025 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.896828: | *received 828 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.896832: | f7 f5 17 0e ae bd 93 18 00 00 00 00 00 00 00 00 Aug 26 13:22:42.896833: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Aug 26 13:22:42.896835: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Aug 26 13:22:42.896837: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Aug 26 13:22:42.896838: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Aug 26 13:22:42.896840: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Aug 26 13:22:42.896841: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Aug 26 13:22:42.896843: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Aug 26 13:22:42.896844: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Aug 26 13:22:42.896846: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Aug 26 13:22:42.896847: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Aug 26 13:22:42.896849: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Aug 26 13:22:42.896850: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Aug 26 13:22:42.896852: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Aug 26 13:22:42.896853: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Aug 26 13:22:42.896855: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Aug 26 13:22:42.896857: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Aug 26 13:22:42.896858: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Aug 26 13:22:42.896860: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Aug 26 13:22:42.896861: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Aug 26 13:22:42.896863: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Aug 26 13:22:42.896864: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Aug 26 13:22:42.896866: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Aug 26 13:22:42.896867: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Aug 26 13:22:42.896869: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Aug 26 13:22:42.896870: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Aug 26 13:22:42.896872: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Aug 26 13:22:42.896873: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Aug 26 13:22:42.896875: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Aug 26 13:22:42.896876: | 28 00 01 08 00 0e 00 00 ea 86 18 d9 0d 2f 6e be Aug 26 13:22:42.896878: | 48 d2 85 4c 24 c5 c4 ee 60 be 6b 98 24 f5 ee ea Aug 26 13:22:42.896879: | a6 dd ea 9d cc b9 9d 67 f3 d2 e3 15 73 7b 50 83 Aug 26 13:22:42.896881: | b4 53 e4 7d f8 ec 68 ab d9 85 54 9c 2d b8 8c 5a Aug 26 13:22:42.896883: | fc b8 f5 21 59 6f 88 cc e5 5c 9c 16 e1 70 96 da Aug 26 13:22:42.896884: | ba 63 bd 4e 6b b7 43 81 ca 9d 80 07 ae 27 8e bd Aug 26 13:22:42.896886: | 81 91 17 6a e9 33 fd 60 04 a3 f9 cd 51 1b 4c c4 Aug 26 13:22:42.896887: | ac 22 e7 ca 1d f6 db eb eb 3d 24 44 c7 1e f7 98 Aug 26 13:22:42.896889: | a8 44 aa 63 87 b3 19 0f dd de d9 80 d7 42 05 a5 Aug 26 13:22:42.896890: | 40 c6 5f cc 42 3e 62 8b ef df b3 04 9b de d5 ae Aug 26 13:22:42.896892: | ef 4a 44 6a 86 36 dd 28 b7 07 02 ec c4 29 37 d3 Aug 26 13:22:42.896893: | 8c 48 2d 9a a8 70 04 ad 06 e2 85 9f 45 20 99 41 Aug 26 13:22:42.896895: | ed 6b c9 2f 79 4b 74 81 69 5e 30 98 99 1c 7a 93 Aug 26 13:22:42.896896: | 64 6e d0 ce 77 aa 96 d5 52 46 68 b3 68 26 f9 c6 Aug 26 13:22:42.896898: | dd d3 8f 2e 0e 90 bb c3 20 45 8a 7f 3f aa 6f 6c Aug 26 13:22:42.896899: | 1f 81 07 94 45 b0 d6 13 ef f3 20 8a b4 5b e6 2e Aug 26 13:22:42.896901: | 90 b7 c0 fd 32 10 18 5e 29 00 00 24 bc e8 b3 96 Aug 26 13:22:42.896902: | 1e d9 e9 b8 4f 4a e4 cc f1 84 08 55 14 26 e3 96 Aug 26 13:22:42.896904: | aa b1 2d 31 f8 58 e1 8a 65 f4 45 36 29 00 00 08 Aug 26 13:22:42.896906: | 00 00 40 2e 29 00 00 1c 00 00 40 04 0d fc a2 10 Aug 26 13:22:42.896907: | 43 2f 9e f2 db d1 d6 00 5e 31 14 81 f9 69 83 4b Aug 26 13:22:42.896910: | 00 00 00 1c 00 00 40 05 3d c3 19 48 d7 e7 28 c2 Aug 26 13:22:42.896912: | 4f be 32 ed ad dd 3e 5a aa 37 35 d9 Aug 26 13:22:42.896916: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.896919: | **parse ISAKMP Message: Aug 26 13:22:42.896921: | initiator cookie: Aug 26 13:22:42.896923: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.896924: | responder cookie: Aug 26 13:22:42.896926: | 00 00 00 00 00 00 00 00 Aug 26 13:22:42.896928: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:22:42.896929: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.896931: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:22:42.896933: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.896935: | Message ID: 0 (0x0) Aug 26 13:22:42.896936: | length: 828 (0x33c) Aug 26 13:22:42.896938: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Aug 26 13:22:42.896941: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Aug 26 13:22:42.896943: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Aug 26 13:22:42.896945: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:22:42.896948: | ***parse IKEv2 Security Association Payload: Aug 26 13:22:42.896950: | next payload type: ISAKMP_NEXT_v2KE (0x22) Aug 26 13:22:42.896951: | flags: none (0x0) Aug 26 13:22:42.896953: | length: 436 (0x1b4) Aug 26 13:22:42.896955: | processing payload: ISAKMP_NEXT_v2SA (len=432) Aug 26 13:22:42.896956: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Aug 26 13:22:42.896958: | ***parse IKEv2 Key Exchange Payload: Aug 26 13:22:42.896960: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Aug 26 13:22:42.896962: | flags: none (0x0) Aug 26 13:22:42.896963: | length: 264 (0x108) Aug 26 13:22:42.896965: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.896967: | processing payload: ISAKMP_NEXT_v2KE (len=256) Aug 26 13:22:42.896968: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Aug 26 13:22:42.896970: | ***parse IKEv2 Nonce Payload: Aug 26 13:22:42.896972: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:22:42.896973: | flags: none (0x0) Aug 26 13:22:42.896975: | length: 36 (0x24) Aug 26 13:22:42.896976: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Aug 26 13:22:42.896978: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:22:42.896980: | ***parse IKEv2 Notify Payload: Aug 26 13:22:42.896981: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:22:42.896983: | flags: none (0x0) Aug 26 13:22:42.896984: | length: 8 (0x8) Aug 26 13:22:42.896986: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.896988: | SPI size: 0 (0x0) Aug 26 13:22:42.896990: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:22:42.896991: | processing payload: ISAKMP_NEXT_v2N (len=0) Aug 26 13:22:42.896993: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:22:42.896995: | ***parse IKEv2 Notify Payload: Aug 26 13:22:42.896996: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:22:42.896998: | flags: none (0x0) Aug 26 13:22:42.896999: | length: 28 (0x1c) Aug 26 13:22:42.897001: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.897002: | SPI size: 0 (0x0) Aug 26 13:22:42.897004: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:22:42.897006: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:22:42.897007: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Aug 26 13:22:42.897009: | ***parse IKEv2 Notify Payload: Aug 26 13:22:42.897011: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.897012: | flags: none (0x0) Aug 26 13:22:42.897014: | length: 28 (0x1c) Aug 26 13:22:42.897015: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.897017: | SPI size: 0 (0x0) Aug 26 13:22:42.897019: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:22:42.897020: | processing payload: ISAKMP_NEXT_v2N (len=20) Aug 26 13:22:42.897023: | DDOS disabled and no cookie sent, continuing Aug 26 13:22:42.897027: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:22:42.897030: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:22:42.897031: | find_next_host_connection returns empty Aug 26 13:22:42.897034: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Aug 26 13:22:42.897037: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:22:42.897039: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Aug 26 13:22:42.897041: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (rw-east-pool-x509-ipv4) Aug 26 13:22:42.897043: | find_next_host_connection returns empty Aug 26 13:22:42.897046: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Aug 26 13:22:42.897049: | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:22:42.897050: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:22:42.897052: | find_next_host_connection returns empty Aug 26 13:22:42.897054: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Aug 26 13:22:42.897057: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:22:42.897059: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:22:42.897061: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (rw-east-pool-x509-ipv4) Aug 26 13:22:42.897062: | find_next_host_connection returns rw-east-pool-x509-ipv4 Aug 26 13:22:42.897064: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Aug 26 13:22:42.897066: | find_next_host_connection returns empty Aug 26 13:22:42.897067: | rw_instantiate Aug 26 13:22:42.897072: | reference addresspool of conn rw-east-pool-x509-ipv4[1] kind CK_TEMPLATE refcnt 1 Aug 26 13:22:42.897076: | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none Aug 26 13:22:42.897078: | new hp@0x559d8e1100e8 Aug 26 13:22:42.897081: | rw_instantiate() instantiated "rw-east-pool-x509-ipv4"[1] 192.1.3.209 for 192.1.3.209 Aug 26 13:22:42.897084: | found connection: rw-east-pool-x509-ipv4[1] 192.1.3.209 with policy RSASIG+IKEV2_ALLOW Aug 26 13:22:42.897086: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:22:42.897101: | creating state object #1 at 0x559d8e112f38 Aug 26 13:22:42.897103: | State DB: adding IKEv2 state #1 in UNDEFINED Aug 26 13:22:42.897108: | pstats #1 ikev2.ike started Aug 26 13:22:42.897111: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Aug 26 13:22:42.897113: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Aug 26 13:22:42.897116: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:22:42.897124: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.897126: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:22:42.897130: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:22:42.897132: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Aug 26 13:22:42.897135: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Aug 26 13:22:42.897137: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Aug 26 13:22:42.897139: | #1 in state PARENT_R0: processing SA_INIT request Aug 26 13:22:42.897143: | selected state microcode Respond to IKE_SA_INIT Aug 26 13:22:42.897145: | Now let's proceed with state specific processing Aug 26 13:22:42.897146: | calling processor Respond to IKE_SA_INIT Aug 26 13:22:42.897150: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:22:42.897152: | constructing local IKE proposals for rw-east-pool-x509-ipv4 (IKE SA responder matching remote proposals) Aug 26 13:22:42.897158: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:22:42.897163: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:22:42.897165: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:22:42.897169: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:22:42.897171: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:22:42.897175: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:22:42.897177: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Aug 26 13:22:42.897181: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:22:42.897187: "rw-east-pool-x509-ipv4"[1] 192.1.3.209: constructed local IKE proposals for rw-east-pool-x509-ipv4 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Aug 26 13:22:42.897190: | Comparing remote proposals against IKE responder 4 local proposals Aug 26 13:22:42.897193: | local proposal 1 type ENCR has 1 transforms Aug 26 13:22:42.897194: | local proposal 1 type PRF has 2 transforms Aug 26 13:22:42.897196: | local proposal 1 type INTEG has 1 transforms Aug 26 13:22:42.897198: | local proposal 1 type DH has 8 transforms Aug 26 13:22:42.897199: | local proposal 1 type ESN has 0 transforms Aug 26 13:22:42.897201: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:22:42.897203: | local proposal 2 type ENCR has 1 transforms Aug 26 13:22:42.897205: | local proposal 2 type PRF has 2 transforms Aug 26 13:22:42.897206: | local proposal 2 type INTEG has 1 transforms Aug 26 13:22:42.897208: | local proposal 2 type DH has 8 transforms Aug 26 13:22:42.897210: | local proposal 2 type ESN has 0 transforms Aug 26 13:22:42.897212: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Aug 26 13:22:42.897213: | local proposal 3 type ENCR has 1 transforms Aug 26 13:22:42.897215: | local proposal 3 type PRF has 2 transforms Aug 26 13:22:42.897216: | local proposal 3 type INTEG has 2 transforms Aug 26 13:22:42.897218: | local proposal 3 type DH has 8 transforms Aug 26 13:22:42.897220: | local proposal 3 type ESN has 0 transforms Aug 26 13:22:42.897222: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:22:42.897224: | local proposal 4 type ENCR has 1 transforms Aug 26 13:22:42.897226: | local proposal 4 type PRF has 2 transforms Aug 26 13:22:42.897228: | local proposal 4 type INTEG has 2 transforms Aug 26 13:22:42.897229: | local proposal 4 type DH has 8 transforms Aug 26 13:22:42.897231: | local proposal 4 type ESN has 0 transforms Aug 26 13:22:42.897233: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Aug 26 13:22:42.897235: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.897237: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.897238: | length: 100 (0x64) Aug 26 13:22:42.897240: | prop #: 1 (0x1) Aug 26 13:22:42.897242: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:22:42.897243: | spi size: 0 (0x0) Aug 26 13:22:42.897245: | # transforms: 11 (0xb) Aug 26 13:22:42.897247: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:22:42.897249: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897253: | length: 12 (0xc) Aug 26 13:22:42.897254: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.897256: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.897258: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.897260: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.897261: | length/value: 256 (0x100) Aug 26 13:22:42.897264: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:22:42.897266: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897269: | length: 8 (0x8) Aug 26 13:22:42.897271: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897272: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:22:42.897275: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Aug 26 13:22:42.897277: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Aug 26 13:22:42.897279: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Aug 26 13:22:42.897281: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Aug 26 13:22:42.897282: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897285: | length: 8 (0x8) Aug 26 13:22:42.897287: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897294: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:22:42.897296: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897299: | length: 8 (0x8) Aug 26 13:22:42.897301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897303: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.897305: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Aug 26 13:22:42.897307: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Aug 26 13:22:42.897309: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Aug 26 13:22:42.897311: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Aug 26 13:22:42.897313: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897316: | length: 8 (0x8) Aug 26 13:22:42.897317: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897319: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:22:42.897321: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897325: | length: 8 (0x8) Aug 26 13:22:42.897327: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897329: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:22:42.897330: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897333: | length: 8 (0x8) Aug 26 13:22:42.897335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897337: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:22:42.897338: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897341: | length: 8 (0x8) Aug 26 13:22:42.897343: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897345: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:22:42.897346: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897350: | length: 8 (0x8) Aug 26 13:22:42.897351: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897353: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:22:42.897355: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897358: | length: 8 (0x8) Aug 26 13:22:42.897359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897361: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:22:42.897363: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897364: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.897366: | length: 8 (0x8) Aug 26 13:22:42.897367: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897369: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:22:42.897371: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Aug 26 13:22:42.897374: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Aug 26 13:22:42.897376: | remote proposal 1 matches local proposal 1 Aug 26 13:22:42.897378: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.897380: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.897381: | length: 100 (0x64) Aug 26 13:22:42.897383: | prop #: 2 (0x2) Aug 26 13:22:42.897384: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:22:42.897386: | spi size: 0 (0x0) Aug 26 13:22:42.897387: | # transforms: 11 (0xb) Aug 26 13:22:42.897390: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.897391: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897394: | length: 12 (0xc) Aug 26 13:22:42.897396: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.897398: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.897399: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.897401: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.897403: | length/value: 128 (0x80) Aug 26 13:22:42.897405: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897408: | length: 8 (0x8) Aug 26 13:22:42.897409: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897411: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:22:42.897413: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897414: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897416: | length: 8 (0x8) Aug 26 13:22:42.897417: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897419: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:22:42.897421: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897426: | length: 8 (0x8) Aug 26 13:22:42.897428: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897429: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.897431: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897433: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897434: | length: 8 (0x8) Aug 26 13:22:42.897436: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897437: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:22:42.897439: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897442: | length: 8 (0x8) Aug 26 13:22:42.897444: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897445: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:22:42.897447: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897450: | length: 8 (0x8) Aug 26 13:22:42.897452: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897453: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:22:42.897455: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897458: | length: 8 (0x8) Aug 26 13:22:42.897460: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897462: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:22:42.897463: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897466: | length: 8 (0x8) Aug 26 13:22:42.897468: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897470: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:22:42.897471: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897474: | length: 8 (0x8) Aug 26 13:22:42.897476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897478: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:22:42.897479: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897481: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.897483: | length: 8 (0x8) Aug 26 13:22:42.897484: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897486: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:22:42.897488: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Aug 26 13:22:42.897490: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Aug 26 13:22:42.897492: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.897493: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.897495: | length: 116 (0x74) Aug 26 13:22:42.897496: | prop #: 3 (0x3) Aug 26 13:22:42.897498: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:22:42.897500: | spi size: 0 (0x0) Aug 26 13:22:42.897501: | # transforms: 13 (0xd) Aug 26 13:22:42.897503: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.897505: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897508: | length: 12 (0xc) Aug 26 13:22:42.897510: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.897512: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:22:42.897514: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.897517: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.897519: | length/value: 256 (0x100) Aug 26 13:22:42.897522: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897527: | length: 8 (0x8) Aug 26 13:22:42.897529: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897531: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:22:42.897534: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897538: | length: 8 (0x8) Aug 26 13:22:42.897540: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897542: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:22:42.897544: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897547: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897549: | length: 8 (0x8) Aug 26 13:22:42.897551: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.897553: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:22:42.897556: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897560: | length: 8 (0x8) Aug 26 13:22:42.897563: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.897565: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:22:42.897568: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897569: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897571: | length: 8 (0x8) Aug 26 13:22:42.897572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897574: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.897576: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897579: | length: 8 (0x8) Aug 26 13:22:42.897581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897582: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:22:42.897584: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897587: | length: 8 (0x8) Aug 26 13:22:42.897589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897590: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:22:42.897592: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897595: | length: 8 (0x8) Aug 26 13:22:42.897597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897598: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:22:42.897600: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897603: | length: 8 (0x8) Aug 26 13:22:42.897605: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897606: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:22:42.897608: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897611: | length: 8 (0x8) Aug 26 13:22:42.897613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897614: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:22:42.897616: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897619: | length: 8 (0x8) Aug 26 13:22:42.897621: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897622: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:22:42.897624: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897626: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.897627: | length: 8 (0x8) Aug 26 13:22:42.897629: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897631: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:22:42.897635: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:22:42.897641: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:22:42.897644: | ****parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.897647: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:22:42.897649: | length: 116 (0x74) Aug 26 13:22:42.897652: | prop #: 4 (0x4) Aug 26 13:22:42.897654: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:22:42.897657: | spi size: 0 (0x0) Aug 26 13:22:42.897659: | # transforms: 13 (0xd) Aug 26 13:22:42.897663: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.897666: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897671: | length: 12 (0xc) Aug 26 13:22:42.897673: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.897676: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:22:42.897679: | ******parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.897682: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.897684: | length/value: 128 (0x80) Aug 26 13:22:42.897687: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897692: | length: 8 (0x8) Aug 26 13:22:42.897695: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897697: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:22:42.897700: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897705: | length: 8 (0x8) Aug 26 13:22:42.897708: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.897710: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Aug 26 13:22:42.897713: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897717: | length: 8 (0x8) Aug 26 13:22:42.897720: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.897723: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:22:42.897725: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897728: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897730: | length: 8 (0x8) Aug 26 13:22:42.897732: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.897735: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:22:42.897738: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897742: | length: 8 (0x8) Aug 26 13:22:42.897745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897747: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.897750: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897755: | length: 8 (0x8) Aug 26 13:22:42.897771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897773: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Aug 26 13:22:42.897776: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897793: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897795: | length: 8 (0x8) Aug 26 13:22:42.897798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897800: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Aug 26 13:22:42.897803: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897808: | length: 8 (0x8) Aug 26 13:22:42.897810: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897813: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Aug 26 13:22:42.897828: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897833: | length: 8 (0x8) Aug 26 13:22:42.897837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897840: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Aug 26 13:22:42.897843: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897847: | length: 8 (0x8) Aug 26 13:22:42.897850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897852: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Aug 26 13:22:42.897855: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.897860: | length: 8 (0x8) Aug 26 13:22:42.897862: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897864: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Aug 26 13:22:42.897866: | *****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.897869: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.897871: | length: 8 (0x8) Aug 26 13:22:42.897874: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.897876: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Aug 26 13:22:42.897880: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Aug 26 13:22:42.897883: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Aug 26 13:22:42.897889: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Aug 26 13:22:42.897894: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Aug 26 13:22:42.897896: | converting proposal to internal trans attrs Aug 26 13:22:42.897900: | natd_hash: rcookie is zero Aug 26 13:22:42.897911: | natd_hash: hasher=0x559d8c234800(20) Aug 26 13:22:42.897929: | natd_hash: icookie= f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.897932: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:22:42.897934: | natd_hash: ip= c0 01 02 17 Aug 26 13:22:42.897937: | natd_hash: port=500 Aug 26 13:22:42.897940: | natd_hash: hash= 3d c3 19 48 d7 e7 28 c2 4f be 32 ed ad dd 3e 5a Aug 26 13:22:42.897943: | natd_hash: hash= aa 37 35 d9 Aug 26 13:22:42.897945: | natd_hash: rcookie is zero Aug 26 13:22:42.897950: | natd_hash: hasher=0x559d8c234800(20) Aug 26 13:22:42.897952: | natd_hash: icookie= f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.897953: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Aug 26 13:22:42.897955: | natd_hash: ip= c0 01 03 d1 Aug 26 13:22:42.897956: | natd_hash: port=500 Aug 26 13:22:42.897958: | natd_hash: hash= 0d fc a2 10 43 2f 9e f2 db d1 d6 00 5e 31 14 81 Aug 26 13:22:42.897959: | natd_hash: hash= f9 69 83 4b Aug 26 13:22:42.897961: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:22:42.897963: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:22:42.897964: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:22:42.897966: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 Aug 26 13:22:42.897972: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Aug 26 13:22:42.897974: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559d8e1101c8 Aug 26 13:22:42.897977: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:22:42.897979: | libevent_malloc: new ptr-libevent@0x559d8e10b968 size 128 Aug 26 13:22:42.897989: | #1 spent 0.837 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Aug 26 13:22:42.897993: | crypto helper 0 resuming Aug 26 13:22:42.897998: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:22:42.898000: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:22:42.898002: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Aug 26 13:22:42.898004: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Aug 26 13:22:42.898005: | suspending state #1 and saving MD Aug 26 13:22:42.898013: | #1 is busy; has a suspended MD Aug 26 13:22:42.898019: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:22:42.898024: | "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:22:42.898030: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.898035: | #1 spent 1.21 milliseconds in ikev2_process_packet() Aug 26 13:22:42.898039: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.898042: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.898045: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.898049: | spent 1.23 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.898624: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.00062 seconds Aug 26 13:22:42.898633: | (#1) spent 0.626 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Aug 26 13:22:42.898635: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:22:42.898637: | scheduling resume sending helper answer for #1 Aug 26 13:22:42.898639: | libevent_malloc: new ptr-libevent@0x7f6f98002888 size 128 Aug 26 13:22:42.898645: | crypto helper 0 waiting (nothing to do) Aug 26 13:22:42.898652: | processing resume sending helper answer for #1 Aug 26 13:22:42.898658: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 13:22:42.898661: | crypto helper 0 replies to request ID 1 Aug 26 13:22:42.898662: | calling continuation function 0x559d8c15fb50 Aug 26 13:22:42.898664: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Aug 26 13:22:42.898687: | **emit ISAKMP Message: Aug 26 13:22:42.898689: | initiator cookie: Aug 26 13:22:42.898691: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.898692: | responder cookie: Aug 26 13:22:42.898694: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.898696: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.898697: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.898699: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Aug 26 13:22:42.898701: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.898703: | Message ID: 0 (0x0) Aug 26 13:22:42.898705: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.898707: | Emitting ikev2_proposal ... Aug 26 13:22:42.898708: | ***emit IKEv2 Security Association Payload: Aug 26 13:22:42.898710: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898712: | flags: none (0x0) Aug 26 13:22:42.898714: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:22:42.898716: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898718: | ****emit IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.898721: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:22:42.898723: | prop #: 1 (0x1) Aug 26 13:22:42.898724: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Aug 26 13:22:42.898726: | spi size: 0 (0x0) Aug 26 13:22:42.898727: | # transforms: 3 (0x3) Aug 26 13:22:42.898729: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:22:42.898731: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:22:42.898733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.898734: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.898736: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.898738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:22:42.898740: | ******emit IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.898742: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.898743: | length/value: 256 (0x100) Aug 26 13:22:42.898745: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:22:42.898747: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:22:42.898748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.898750: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Aug 26 13:22:42.898752: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Aug 26 13:22:42.898754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.898755: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:22:42.898757: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:22:42.898759: | *****emit IKEv2 Transform Substructure Payload: Aug 26 13:22:42.898760: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.898762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Aug 26 13:22:42.898764: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.898766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.898767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:22:42.898769: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:22:42.898771: | emitting length of IKEv2 Proposal Substructure Payload: 36 Aug 26 13:22:42.898773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:22:42.898774: | emitting length of IKEv2 Security Association Payload: 40 Aug 26 13:22:42.898776: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:22:42.898778: | ***emit IKEv2 Key Exchange Payload: Aug 26 13:22:42.898780: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898781: | flags: none (0x0) Aug 26 13:22:42.898783: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Aug 26 13:22:42.898785: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Aug 26 13:22:42.898787: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898789: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Aug 26 13:22:42.898791: | ikev2 g^x 5a 1a ce 32 ff ce 10 9c 3f 58 0a 69 c7 5e 62 00 Aug 26 13:22:42.898792: | ikev2 g^x 8b fa 1a c1 33 1b 12 b5 b0 86 38 d8 45 b7 27 7b Aug 26 13:22:42.898794: | ikev2 g^x e1 29 76 a3 3b 1d 7b 6d c1 4b 79 b9 2a 70 f8 ee Aug 26 13:22:42.898795: | ikev2 g^x 15 e8 b7 6f c6 b6 be 55 7f 22 6f 1e 8c e5 84 c7 Aug 26 13:22:42.898797: | ikev2 g^x 66 cf c2 4f d4 92 8b c5 cd aa 74 42 39 33 7a 04 Aug 26 13:22:42.898799: | ikev2 g^x 38 06 b0 33 fd 00 6e 36 d4 0a a4 58 58 94 32 dc Aug 26 13:22:42.898801: | ikev2 g^x 38 2c 29 c5 ba 07 14 44 67 2a 21 52 0d f0 78 2e Aug 26 13:22:42.898802: | ikev2 g^x 0f be be f3 22 e3 a4 23 de 1a 2a 8e 39 52 e1 0a Aug 26 13:22:42.898804: | ikev2 g^x 0a 66 c8 50 39 bf 4c 90 c6 1c f2 88 0c e0 a7 1d Aug 26 13:22:42.898805: | ikev2 g^x 12 50 13 3d 47 f4 8d 98 37 ba 43 b6 7c 0b 85 f9 Aug 26 13:22:42.898807: | ikev2 g^x e9 4d 75 f6 b3 ec d3 c4 16 be e1 12 b3 8f f7 65 Aug 26 13:22:42.898808: | ikev2 g^x aa ea a4 96 d5 5e 4d d0 23 39 58 eb ad f2 18 4a Aug 26 13:22:42.898810: | ikev2 g^x 05 2f 22 f6 a4 56 44 72 4e a9 fb d3 a0 02 cc 72 Aug 26 13:22:42.898811: | ikev2 g^x b0 0f f0 cc b0 39 95 0f 9c 93 9d 7a 13 e1 b7 b3 Aug 26 13:22:42.898813: | ikev2 g^x 1b fd 67 4d bc b4 7b 90 ff 65 d1 09 e2 33 48 5b Aug 26 13:22:42.898814: | ikev2 g^x 4b 9a 03 ff 69 a0 35 85 5d 48 a8 98 9f 54 de 07 Aug 26 13:22:42.898816: | emitting length of IKEv2 Key Exchange Payload: 264 Aug 26 13:22:42.898818: | ***emit IKEv2 Nonce Payload: Aug 26 13:22:42.898819: | next payload type: ISAKMP_NEXT_v2N (0x29) Aug 26 13:22:42.898821: | flags: none (0x0) Aug 26 13:22:42.898823: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Aug 26 13:22:42.898825: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Aug 26 13:22:42.898827: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898828: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Aug 26 13:22:42.898830: | IKEv2 nonce 08 90 4c 94 0b 4d 3a 09 d2 c9 2b bc 39 4a 65 d8 Aug 26 13:22:42.898832: | IKEv2 nonce 6e 7e a0 68 6a 68 25 5c 65 19 92 e3 d8 29 32 2f Aug 26 13:22:42.898833: | emitting length of IKEv2 Nonce Payload: 36 Aug 26 13:22:42.898835: | Adding a v2N Payload Aug 26 13:22:42.898837: | ***emit IKEv2 Notify Payload: Aug 26 13:22:42.898838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898840: | flags: none (0x0) Aug 26 13:22:42.898842: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.898843: | SPI size: 0 (0x0) Aug 26 13:22:42.898845: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Aug 26 13:22:42.898847: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:22:42.898849: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898850: | emitting length of IKEv2 Notify Payload: 8 Aug 26 13:22:42.898852: | NAT-Traversal support [enabled] add v2N payloads. Aug 26 13:22:42.898859: | natd_hash: hasher=0x559d8c234800(20) Aug 26 13:22:42.898861: | natd_hash: icookie= f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.898862: | natd_hash: rcookie= 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.898864: | natd_hash: ip= c0 01 02 17 Aug 26 13:22:42.898865: | natd_hash: port=500 Aug 26 13:22:42.898867: | natd_hash: hash= 80 c5 16 d6 0d 48 9b c3 4f b9 11 a8 0c 11 e9 a8 Aug 26 13:22:42.898868: | natd_hash: hash= 83 19 77 3a Aug 26 13:22:42.898870: | Adding a v2N Payload Aug 26 13:22:42.898871: | ***emit IKEv2 Notify Payload: Aug 26 13:22:42.898873: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898875: | flags: none (0x0) Aug 26 13:22:42.898876: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.898878: | SPI size: 0 (0x0) Aug 26 13:22:42.898879: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Aug 26 13:22:42.898881: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:22:42.898883: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898885: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:22:42.898887: | Notify data 80 c5 16 d6 0d 48 9b c3 4f b9 11 a8 0c 11 e9 a8 Aug 26 13:22:42.898889: | Notify data 83 19 77 3a Aug 26 13:22:42.898891: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:22:42.898909: | natd_hash: hasher=0x559d8c234800(20) Aug 26 13:22:42.898911: | natd_hash: icookie= f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.898912: | natd_hash: rcookie= 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.898914: | natd_hash: ip= c0 01 03 d1 Aug 26 13:22:42.898915: | natd_hash: port=500 Aug 26 13:22:42.898917: | natd_hash: hash= 5a 32 42 9d e1 1a 15 c8 d7 09 b8 47 84 f4 0e c1 Aug 26 13:22:42.898918: | natd_hash: hash= a9 47 91 8d Aug 26 13:22:42.898920: | Adding a v2N Payload Aug 26 13:22:42.898921: | ***emit IKEv2 Notify Payload: Aug 26 13:22:42.898923: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898925: | flags: none (0x0) Aug 26 13:22:42.898926: | Protocol ID: PROTO_v2_RESERVED (0x0) Aug 26 13:22:42.898928: | SPI size: 0 (0x0) Aug 26 13:22:42.898929: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Aug 26 13:22:42.898931: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Aug 26 13:22:42.898933: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898935: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Aug 26 13:22:42.898937: | Notify data 5a 32 42 9d e1 1a 15 c8 d7 09 b8 47 84 f4 0e c1 Aug 26 13:22:42.898938: | Notify data a9 47 91 8d Aug 26 13:22:42.898940: | emitting length of IKEv2 Notify Payload: 28 Aug 26 13:22:42.898941: | going to send a certreq Aug 26 13:22:42.898943: | connection->kind is not CK_PERMANENT (instance), so collect CAs Aug 26 13:22:42.898947: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:22:42.898948: | Not a roadwarrior instance, sending empty CA in CERTREQ Aug 26 13:22:42.898950: | ***emit IKEv2 Certificate Request Payload: Aug 26 13:22:42.898952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.898954: | flags: none (0x0) Aug 26 13:22:42.898955: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:22:42.898957: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Aug 26 13:22:42.898959: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.898961: | emitting length of IKEv2 Certificate Request Payload: 5 Aug 26 13:22:42.898963: | emitting length of ISAKMP Message: 437 Aug 26 13:22:42.898969: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:22:42.898972: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Aug 26 13:22:42.898973: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Aug 26 13:22:42.898976: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Aug 26 13:22:42.898978: | Message ID: updating counters for #1 to 0 after switching state Aug 26 13:22:42.898981: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Aug 26 13:22:42.898984: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Aug 26 13:22:42.898987: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Aug 26 13:22:42.898990: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 13:22:42.898996: | sending 437 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.898999: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.899000: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Aug 26 13:22:42.899002: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Aug 26 13:22:42.899004: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Aug 26 13:22:42.899005: | 04 00 00 0e 28 00 01 08 00 0e 00 00 5a 1a ce 32 Aug 26 13:22:42.899007: | ff ce 10 9c 3f 58 0a 69 c7 5e 62 00 8b fa 1a c1 Aug 26 13:22:42.899008: | 33 1b 12 b5 b0 86 38 d8 45 b7 27 7b e1 29 76 a3 Aug 26 13:22:42.899010: | 3b 1d 7b 6d c1 4b 79 b9 2a 70 f8 ee 15 e8 b7 6f Aug 26 13:22:42.899011: | c6 b6 be 55 7f 22 6f 1e 8c e5 84 c7 66 cf c2 4f Aug 26 13:22:42.899013: | d4 92 8b c5 cd aa 74 42 39 33 7a 04 38 06 b0 33 Aug 26 13:22:42.899014: | fd 00 6e 36 d4 0a a4 58 58 94 32 dc 38 2c 29 c5 Aug 26 13:22:42.899016: | ba 07 14 44 67 2a 21 52 0d f0 78 2e 0f be be f3 Aug 26 13:22:42.899017: | 22 e3 a4 23 de 1a 2a 8e 39 52 e1 0a 0a 66 c8 50 Aug 26 13:22:42.899019: | 39 bf 4c 90 c6 1c f2 88 0c e0 a7 1d 12 50 13 3d Aug 26 13:22:42.899020: | 47 f4 8d 98 37 ba 43 b6 7c 0b 85 f9 e9 4d 75 f6 Aug 26 13:22:42.899022: | b3 ec d3 c4 16 be e1 12 b3 8f f7 65 aa ea a4 96 Aug 26 13:22:42.899023: | d5 5e 4d d0 23 39 58 eb ad f2 18 4a 05 2f 22 f6 Aug 26 13:22:42.899025: | a4 56 44 72 4e a9 fb d3 a0 02 cc 72 b0 0f f0 cc Aug 26 13:22:42.899026: | b0 39 95 0f 9c 93 9d 7a 13 e1 b7 b3 1b fd 67 4d Aug 26 13:22:42.899028: | bc b4 7b 90 ff 65 d1 09 e2 33 48 5b 4b 9a 03 ff Aug 26 13:22:42.899029: | 69 a0 35 85 5d 48 a8 98 9f 54 de 07 29 00 00 24 Aug 26 13:22:42.899031: | 08 90 4c 94 0b 4d 3a 09 d2 c9 2b bc 39 4a 65 d8 Aug 26 13:22:42.899032: | 6e 7e a0 68 6a 68 25 5c 65 19 92 e3 d8 29 32 2f Aug 26 13:22:42.899034: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Aug 26 13:22:42.899035: | 80 c5 16 d6 0d 48 9b c3 4f b9 11 a8 0c 11 e9 a8 Aug 26 13:22:42.899037: | 83 19 77 3a 26 00 00 1c 00 00 40 05 5a 32 42 9d Aug 26 13:22:42.899038: | e1 1a 15 c8 d7 09 b8 47 84 f4 0e c1 a9 47 91 8d Aug 26 13:22:42.899040: | 00 00 00 05 04 Aug 26 13:22:42.899074: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:42.899078: | libevent_free: release ptr-libevent@0x559d8e10b968 Aug 26 13:22:42.899080: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559d8e1101c8 Aug 26 13:22:42.899082: | event_schedule: new EVENT_SO_DISCARD-pe@0x559d8e1101c8 Aug 26 13:22:42.899084: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Aug 26 13:22:42.899086: | libevent_malloc: new ptr-libevent@0x559d8e1102a8 size 128 Aug 26 13:22:42.899089: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:22:42.899093: | #1 spent 0.412 milliseconds in resume sending helper answer Aug 26 13:22:42.899096: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 13:22:42.899098: | libevent_free: release ptr-libevent@0x7f6f98002888 Aug 26 13:22:42.912515: | spent 0.00267 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.912537: | *received 539 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.912540: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912541: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Aug 26 13:22:42.912543: | 00 01 00 05 3d 9d f9 36 96 fb 0c 3e 3e 93 86 c0 Aug 26 13:22:42.912544: | b9 5e cb 79 10 50 47 8a 22 b8 f3 35 69 96 b5 c8 Aug 26 13:22:42.912546: | 2e 0d 41 a6 8d ca 4d c7 b7 66 3f 68 7b 28 4c 3a Aug 26 13:22:42.912547: | 8c fd e1 0e 4a f2 bd 6b 71 8e 93 0f dc f4 31 aa Aug 26 13:22:42.912549: | 7c a8 25 b1 0c d3 9f 3a 4d 2b a6 91 e3 ce 60 64 Aug 26 13:22:42.912550: | c6 68 a2 91 ef c5 fc c0 ea 34 5f bf 13 d8 9d 67 Aug 26 13:22:42.912552: | 4d 17 e6 a1 b4 52 da 2c 11 ee 2c a1 6d 19 5c 70 Aug 26 13:22:42.912553: | 22 31 c9 af 9b 6a fa 91 c7 b3 b6 2d 81 6f 8f 35 Aug 26 13:22:42.912557: | a5 f8 38 f1 ad 08 9b e1 a6 2f 87 7a f2 98 de b3 Aug 26 13:22:42.912559: | d1 e3 b4 6c a0 8f 92 5f a2 d6 e0 8a 90 c0 d6 3b Aug 26 13:22:42.912560: | 27 47 15 5d 99 0d dc 82 f4 38 7e b3 ad 8b bd 14 Aug 26 13:22:42.912562: | 82 e6 8c da 03 05 9f 14 d3 d2 5d 9a d1 f8 45 05 Aug 26 13:22:42.912563: | c8 7a 69 15 17 f8 25 29 c6 4e 99 08 1e 6c 3d c3 Aug 26 13:22:42.912565: | a7 5c d1 f3 5d 23 85 63 f7 d1 0a 0e f7 84 04 62 Aug 26 13:22:42.912566: | 97 d1 9f 7d f9 e1 2a 20 7d 59 9c 47 70 4b 8e 18 Aug 26 13:22:42.912568: | db 2e 43 41 9b db 43 e8 d2 a9 06 2b 78 1e c5 8b Aug 26 13:22:42.912569: | 4a 15 24 5c fc 29 e8 c5 c3 14 a0 a9 a0 71 34 3d Aug 26 13:22:42.912571: | ba eb 62 d6 cf 4f af 05 79 46 72 cc 4c 76 c4 f1 Aug 26 13:22:42.912572: | c5 41 f8 f1 28 93 c8 d5 09 ab e3 b6 0c 8b 7a d1 Aug 26 13:22:42.912574: | f5 1c 29 ac 0a da b6 f1 b4 a3 1b 1c f9 c6 6c de Aug 26 13:22:42.912575: | 14 af 66 3a 01 66 65 07 88 64 05 bd 5f 50 cd 06 Aug 26 13:22:42.912577: | 86 2d 18 81 45 05 d5 cc b0 2d ac d1 90 f5 10 47 Aug 26 13:22:42.912578: | 7a d6 62 b0 78 58 b7 1d d3 c7 83 5f ac 2f 42 11 Aug 26 13:22:42.912580: | 78 82 e6 51 fc 30 73 1f 76 23 8f f4 25 da ee 74 Aug 26 13:22:42.912581: | 1a e3 df 75 d6 14 96 58 f6 67 8a 97 ae e7 ac 9e Aug 26 13:22:42.912583: | 32 78 9d a9 78 5e cf ae 38 aa f6 a8 d0 1e 76 37 Aug 26 13:22:42.912584: | 13 74 2b 12 f7 62 26 9b 82 e3 3a 11 47 8f 45 be Aug 26 13:22:42.912586: | ee 43 e6 9c e4 fa ff a1 14 4e bc c7 a3 9d 9b 0a Aug 26 13:22:42.912587: | 79 17 53 51 df 2a ca 9b f7 cf 3f bd 2b 90 40 e3 Aug 26 13:22:42.912589: | 41 49 c1 5f 88 63 7a d4 2a f1 1f 47 ed 7e 00 fb Aug 26 13:22:42.912590: | 44 8a 12 0b 06 8d 97 8a 06 92 6d d7 72 f8 54 32 Aug 26 13:22:42.912592: | cf 88 ba 2d ec 7c d4 d6 df b4 4a Aug 26 13:22:42.912595: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.912598: | **parse ISAKMP Message: Aug 26 13:22:42.912600: | initiator cookie: Aug 26 13:22:42.912601: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.912603: | responder cookie: Aug 26 13:22:42.912604: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912606: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:22:42.912608: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.912610: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.912612: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.912613: | Message ID: 1 (0x1) Aug 26 13:22:42.912615: | length: 539 (0x21b) Aug 26 13:22:42.912617: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:22:42.912619: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:22:42.912623: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:22:42.912628: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.912630: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Aug 26 13:22:42.912633: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2064) Aug 26 13:22:42.912635: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:22:42.912639: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Aug 26 13:22:42.912640: | unpacking clear payload Aug 26 13:22:42.912642: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.912644: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:22:42.912646: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Aug 26 13:22:42.912648: | flags: none (0x0) Aug 26 13:22:42.912649: | length: 511 (0x1ff) Aug 26 13:22:42.912651: | fragment number: 1 (0x1) Aug 26 13:22:42.912653: | total fragments: 5 (0x5) Aug 26 13:22:42.912654: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:22:42.912659: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Aug 26 13:22:42.912661: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.912663: | received IKE encrypted fragment number '1', total number '5', next payload '35' Aug 26 13:22:42.912665: | updated IKE fragment state to respond using fragments without waiting for re-transmits Aug 26 13:22:42.912669: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.912673: | #1 spent 0.144 milliseconds in ikev2_process_packet() Aug 26 13:22:42.912675: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.912678: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.912679: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.912682: | spent 0.154 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.912689: | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.912695: | *received 539 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.912697: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912698: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.912700: | 00 02 00 05 ff 04 2a cc 12 05 42 eb ba 34 9e f8 Aug 26 13:22:42.912701: | b8 38 7e fb ce 1a c1 30 28 6c ce 58 08 47 97 a3 Aug 26 13:22:42.912703: | 1b 86 dc 7c 24 c0 09 b8 ee 99 49 7a 39 8d 55 a2 Aug 26 13:22:42.912704: | 35 9d cb dd cc b8 82 a9 cd 45 22 9e 43 78 2c 94 Aug 26 13:22:42.912706: | 6c 8e 8e e4 55 16 df c2 2f 86 f4 e1 0b bf 10 07 Aug 26 13:22:42.912708: | 7a e8 ed bb d1 ad a7 81 08 2a b5 76 e0 b2 08 55 Aug 26 13:22:42.912709: | 6d e8 cb 11 23 64 94 42 42 e6 bf 33 69 7c 63 69 Aug 26 13:22:42.912711: | 29 03 a7 ec 5c 4e b0 f9 88 4c 07 d2 7a 8c db 0e Aug 26 13:22:42.912712: | b7 8a 6a cd a7 58 c2 a0 4b fe 7c 89 a2 6e 91 2a Aug 26 13:22:42.912714: | 51 80 06 72 88 94 32 43 f8 2f ea fb f8 f6 aa 7f Aug 26 13:22:42.912715: | d6 0f 47 84 eb 55 05 5c 26 0f 95 6b 0e a5 b6 1f Aug 26 13:22:42.912717: | 7e 41 68 e3 ba 20 4b 39 49 ba 1e 35 3f 59 20 8b Aug 26 13:22:42.912718: | 0c ae 5c 7a 10 d5 3b 95 6f 0d 68 94 1c 97 04 b7 Aug 26 13:22:42.912720: | 5a 52 fe 07 73 ba fd ce cb 1c 6d 1d f2 9c 9f 55 Aug 26 13:22:42.912721: | 4b c3 b7 0e 56 0a 0f 51 92 bb c8 e0 0c bf 18 f1 Aug 26 13:22:42.912723: | d8 62 fa 9f 61 89 31 f2 14 d3 b0 6e a3 2b f5 b8 Aug 26 13:22:42.912724: | 6a 7b 8b 5f 19 73 e5 9d f9 c6 40 40 6e 69 cc 27 Aug 26 13:22:42.912726: | 9a 6c a1 97 64 27 1d 11 c5 4b f3 c0 34 98 b3 80 Aug 26 13:22:42.912727: | 9b f4 00 f1 fa fe ce dd 12 f5 0b 52 3b 4e 6b 19 Aug 26 13:22:42.912729: | 88 1d 92 66 d5 8a 09 10 ff 46 6a 44 7f dc 19 8a Aug 26 13:22:42.912730: | 6c b8 5b 0d 7c 4c 68 3f 13 a2 b0 64 0d 23 4b 74 Aug 26 13:22:42.912732: | 34 aa 34 28 63 0a 92 0d 2b 8e 84 c7 19 1b cc e2 Aug 26 13:22:42.912733: | 97 a5 ab 10 32 03 80 cb 4d 50 11 ec 2f 02 1c ef Aug 26 13:22:42.912735: | d7 ca 0d 6f cd 52 04 9d 74 42 40 0a bf 6c 51 05 Aug 26 13:22:42.912736: | 9c 06 7b 92 92 15 52 40 02 00 85 f8 cf d7 56 7a Aug 26 13:22:42.912738: | c8 0b f4 c3 35 6c 7b f4 d6 64 04 00 99 4e 81 09 Aug 26 13:22:42.912739: | fd 9f cd 45 54 18 c5 12 5a 04 c6 c4 98 dc 3d 40 Aug 26 13:22:42.912741: | 7e 9c 64 6d c5 f9 f6 58 46 4b 8e ed ca 27 27 5a Aug 26 13:22:42.912742: | 76 e7 a3 f6 b1 15 b2 02 94 4e 6a 56 df 1a 6b 01 Aug 26 13:22:42.912744: | af f1 64 65 cd 3e 9e cc 1c e5 90 9e 2c c3 aa 77 Aug 26 13:22:42.912745: | f7 d8 04 68 39 64 33 42 b4 37 be 97 a6 33 44 23 Aug 26 13:22:42.912747: | 7d 73 dc 1e d9 54 7c 64 cc 84 63 Aug 26 13:22:42.912749: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.912753: | **parse ISAKMP Message: Aug 26 13:22:42.912754: | initiator cookie: Aug 26 13:22:42.912756: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.912757: | responder cookie: Aug 26 13:22:42.912759: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912761: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:22:42.912762: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.912764: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.912766: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.912767: | Message ID: 1 (0x1) Aug 26 13:22:42.912769: | length: 539 (0x21b) Aug 26 13:22:42.912771: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:22:42.912773: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:22:42.912774: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:22:42.912778: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.912782: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:22:42.912784: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:22:42.912785: | #1 is idle Aug 26 13:22:42.912787: | #1 idle Aug 26 13:22:42.912790: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:22:42.912791: | unpacking clear payload Aug 26 13:22:42.912793: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.912795: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:22:42.912796: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.912798: | flags: none (0x0) Aug 26 13:22:42.912800: | length: 511 (0x1ff) Aug 26 13:22:42.912801: | fragment number: 2 (0x2) Aug 26 13:22:42.912803: | total fragments: 5 (0x5) Aug 26 13:22:42.912804: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:22:42.912806: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.912808: | received IKE encrypted fragment number '2', total number '5', next payload '0' Aug 26 13:22:42.912812: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.912814: | #1 spent 0.123 milliseconds in ikev2_process_packet() Aug 26 13:22:42.912817: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.912819: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.912821: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.912823: | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.912828: | spent 0.0011 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.912833: | *received 539 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.912835: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912837: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.912838: | 00 03 00 05 52 5b 89 70 ee e6 b8 a1 4c 12 75 d6 Aug 26 13:22:42.912840: | eb 6f dd 05 2e 30 a8 26 da 90 60 0e 3d 49 07 b2 Aug 26 13:22:42.912841: | 94 95 c9 87 14 3e bb 70 2d fa 91 e4 bd 54 88 cb Aug 26 13:22:42.912843: | ab 73 1e cd 81 54 9c 72 24 58 21 74 21 9f 50 80 Aug 26 13:22:42.912844: | 37 53 97 d9 ca 58 0b d0 11 bf 98 95 7c 6d 06 c3 Aug 26 13:22:42.912846: | fc e0 0c 37 58 47 80 b7 68 f2 49 01 4e 30 02 6c Aug 26 13:22:42.912847: | fa f4 24 aa a3 0d 7e c4 b2 63 d7 88 a5 bf 42 d4 Aug 26 13:22:42.912849: | 93 44 25 54 6a 71 c5 7d d3 39 1c 47 7a 5c bb 2c Aug 26 13:22:42.912850: | 7e 41 f1 6a 4f d9 3a bc 68 30 a5 02 62 89 bb 9e Aug 26 13:22:42.912852: | 3c a8 df 18 0c 59 7e 0d 93 ce b2 f5 89 1a fb f6 Aug 26 13:22:42.912855: | da 65 1a 91 1b b9 59 d0 2e 11 89 cf b3 f6 30 5f Aug 26 13:22:42.912856: | 65 b2 ce ff 9b aa bf e4 f7 7d 5d 54 ef 29 00 af Aug 26 13:22:42.912858: | 11 ac 87 11 7a 0e ad 53 6c 3c fa 6c 2d 44 01 c9 Aug 26 13:22:42.912859: | 6a 5d 6b 48 d3 84 39 6e b0 6c d3 85 99 c8 4f e6 Aug 26 13:22:42.912861: | 49 7f 43 f0 b2 84 a5 f9 15 03 fc e4 24 28 a1 3a Aug 26 13:22:42.912862: | ca 88 67 47 a4 18 53 e6 57 d4 fa ee 3a fa 43 8a Aug 26 13:22:42.912864: | 49 40 a0 f3 79 45 ff 76 b6 53 ca 52 0b 50 b8 19 Aug 26 13:22:42.912865: | 69 52 29 33 2d 87 c6 3a c8 3e e9 ef fa a1 dc 4b Aug 26 13:22:42.912867: | ae 66 62 94 cc 9f f8 3a b9 51 87 99 23 e3 2e 9a Aug 26 13:22:42.912868: | e4 b0 1f e7 f9 95 5b fe 6b ab 68 80 de 6c 29 08 Aug 26 13:22:42.912870: | 23 7d c6 3b 83 16 3f c6 1e 2f 75 88 d2 2d 5c 7d Aug 26 13:22:42.912871: | 2e 66 eb 71 8d 41 10 31 e4 bf dc b4 41 c5 34 20 Aug 26 13:22:42.912873: | 7f 69 4f 77 c6 13 d8 84 4a c0 b1 f6 74 d2 ad 8d Aug 26 13:22:42.912874: | 1c 09 eb b1 d5 69 f5 45 a8 e4 fd d1 a9 15 54 be Aug 26 13:22:42.912876: | 2a 0d 71 55 3a 6f 9f 89 fa 0b 44 5a fc 3e 33 92 Aug 26 13:22:42.912877: | a8 43 c7 2f 9a b5 4e 34 f7 c4 ea 6b d4 5d 11 15 Aug 26 13:22:42.912879: | f5 69 95 2a ff 9c 9f 63 2c 70 55 07 b8 ad 75 93 Aug 26 13:22:42.912880: | 60 9d 16 03 43 5c 8c 6b 27 ac 2e 5d aa cb 0b 55 Aug 26 13:22:42.912882: | af 88 c9 9b 5a 86 53 88 77 de a6 84 2f b4 43 0a Aug 26 13:22:42.912883: | 20 43 f2 f6 cd 01 da ca c2 73 ec 56 eb 9a 4e 67 Aug 26 13:22:42.912885: | 4d 7f cf 35 65 4e f2 79 b0 9d 99 55 6f 03 6a 89 Aug 26 13:22:42.912886: | 49 67 cf 35 91 e0 a5 d5 49 0b 69 Aug 26 13:22:42.912889: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.912891: | **parse ISAKMP Message: Aug 26 13:22:42.912892: | initiator cookie: Aug 26 13:22:42.912894: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.912895: | responder cookie: Aug 26 13:22:42.912897: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912898: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:22:42.912900: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.912902: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.912903: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.912905: | Message ID: 1 (0x1) Aug 26 13:22:42.912906: | length: 539 (0x21b) Aug 26 13:22:42.912908: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:22:42.912910: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:22:42.912912: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:22:42.912916: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.912919: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:22:42.912921: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:22:42.912922: | #1 is idle Aug 26 13:22:42.912924: | #1 idle Aug 26 13:22:42.912926: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:22:42.912928: | unpacking clear payload Aug 26 13:22:42.912929: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.912931: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:22:42.912933: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.912934: | flags: none (0x0) Aug 26 13:22:42.912936: | length: 511 (0x1ff) Aug 26 13:22:42.912937: | fragment number: 3 (0x3) Aug 26 13:22:42.912939: | total fragments: 5 (0x5) Aug 26 13:22:42.912940: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:22:42.912942: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.912944: | received IKE encrypted fragment number '3', total number '5', next payload '0' Aug 26 13:22:42.912948: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.912951: | #1 spent 0.121 milliseconds in ikev2_process_packet() Aug 26 13:22:42.912954: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.912956: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.912957: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.912960: | spent 0.129 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.912964: | spent 0.00107 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.912970: | *received 539 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.912972: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.912973: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.912975: | 00 04 00 05 1e a0 c1 dc 61 6e 66 78 85 18 d1 04 Aug 26 13:22:42.912976: | 23 3c 45 82 cb 67 8c ef c4 93 08 ba 31 d0 25 84 Aug 26 13:22:42.912978: | c8 90 7d 7d 6b f5 aa 2a c4 38 8b ec 4e 8c ff 9e Aug 26 13:22:42.912979: | bb 68 11 81 85 fd e1 72 6b 53 6a 0d 79 e0 64 12 Aug 26 13:22:42.912981: | 7e c3 c3 66 6b e9 5c 5a f5 37 9d 84 51 50 a5 8c Aug 26 13:22:42.912982: | fd bc 9a 3f 84 17 52 e8 8c 97 73 3b f8 c2 6e 11 Aug 26 13:22:42.912984: | ab be 1a af f9 cf 1c e9 c4 b5 c9 69 f3 45 1e 6f Aug 26 13:22:42.912985: | 61 34 8a cc 38 3a 95 95 7d 8c a1 2e e4 a0 68 2b Aug 26 13:22:42.912987: | aa 41 45 cd 32 88 ab f4 0e 60 63 a2 d4 d6 da 43 Aug 26 13:22:42.912988: | 36 ac cb 6c cb 9a 82 ea 37 c9 46 2d 18 be 09 82 Aug 26 13:22:42.912990: | 1f cf d0 f1 5e bf 6b c0 f1 b6 64 4f 1c c4 49 39 Aug 26 13:22:42.912991: | b1 fc 9e 89 21 99 56 54 7b f7 bd 3e ae 37 a3 e2 Aug 26 13:22:42.912993: | cf 45 b9 9f ac 19 93 0e 94 fd e0 24 4b d3 c2 80 Aug 26 13:22:42.912994: | 02 ac 68 d7 9d b5 04 8e 44 55 8a ec ff d0 f8 e8 Aug 26 13:22:42.912996: | ab e4 62 f9 1c 32 85 d8 69 23 d3 9e a1 c5 54 ac Aug 26 13:22:42.912997: | b5 5e 21 08 54 1c 49 b4 23 86 3b 03 a6 07 11 b4 Aug 26 13:22:42.912999: | 6a 38 08 9a 72 ee 00 ea 0a 82 ef 76 08 0c 73 09 Aug 26 13:22:42.913001: | 9f 0d 0b 16 cf da c7 79 17 fc e1 4f a9 93 56 53 Aug 26 13:22:42.913002: | a3 91 4f 9b ff f7 63 00 5e 91 b8 62 ee dd 50 f7 Aug 26 13:22:42.913004: | 32 b6 1b ec f1 23 4a 08 27 5a 71 b4 86 4b b9 a8 Aug 26 13:22:42.913005: | d0 89 21 66 d6 0e 53 5d 97 52 6d 9a eb b4 7f cb Aug 26 13:22:42.913007: | a2 1e 3f e3 08 25 e7 a7 62 ad e7 14 74 94 ae 06 Aug 26 13:22:42.913008: | 4f d8 8d 67 e2 7d 28 94 7b 1e 4e 79 39 1d 4a 0c Aug 26 13:22:42.913010: | 28 1f 3b 1d 02 cb e5 94 8c 91 7c 9e c3 f6 d9 0a Aug 26 13:22:42.913011: | 65 ec a1 18 1f 08 ba 80 fe 98 dc 64 8e f6 fb 58 Aug 26 13:22:42.913013: | c6 ef b9 53 a2 d4 fd b0 64 2a 8e f2 13 e6 74 c0 Aug 26 13:22:42.913014: | 14 e0 8e 3f 6a 82 87 11 c6 dc 7c 02 e0 d5 1a 67 Aug 26 13:22:42.913016: | 1d 1c b5 0e 86 1f 4b b7 82 b4 26 bf 2a f6 9b 1b Aug 26 13:22:42.913017: | 1d 51 7f cb 82 7a 3e 97 30 03 4c 12 98 9c 3c bd Aug 26 13:22:42.913019: | 1e 23 12 50 5e bc c7 7e ef 44 22 ad 1d d4 18 89 Aug 26 13:22:42.913020: | 81 88 cc fc 64 be 49 c1 92 4d 83 30 71 ec 65 60 Aug 26 13:22:42.913022: | 7c d3 dc 40 e3 8f ac c8 46 69 d2 Aug 26 13:22:42.913024: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.913026: | **parse ISAKMP Message: Aug 26 13:22:42.913027: | initiator cookie: Aug 26 13:22:42.913029: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.913030: | responder cookie: Aug 26 13:22:42.913032: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.913034: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:22:42.913035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.913037: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.913040: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.913041: | Message ID: 1 (0x1) Aug 26 13:22:42.913043: | length: 539 (0x21b) Aug 26 13:22:42.913045: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:22:42.913046: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:22:42.913048: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:22:42.913052: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.913055: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:22:42.913057: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:22:42.913058: | #1 is idle Aug 26 13:22:42.913060: | #1 idle Aug 26 13:22:42.913062: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:22:42.913064: | unpacking clear payload Aug 26 13:22:42.913066: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.913067: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:22:42.913069: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.913070: | flags: none (0x0) Aug 26 13:22:42.913072: | length: 511 (0x1ff) Aug 26 13:22:42.913074: | fragment number: 4 (0x4) Aug 26 13:22:42.913075: | total fragments: 5 (0x5) Aug 26 13:22:42.913077: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Aug 26 13:22:42.913078: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.913080: | received IKE encrypted fragment number '4', total number '5', next payload '0' Aug 26 13:22:42.913084: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.913086: | #1 spent 0.119 milliseconds in ikev2_process_packet() Aug 26 13:22:42.913089: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.913091: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.913092: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.913095: | spent 0.128 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.913100: | spent 0.00108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:42.913105: | *received 397 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) Aug 26 13:22:42.913107: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.913108: | 35 20 23 08 00 00 00 01 00 00 01 8d 00 00 01 71 Aug 26 13:22:42.913110: | 00 05 00 05 b6 08 f2 94 35 7b d1 fa 24 64 2d a3 Aug 26 13:22:42.913111: | 9a de ed 33 bc 27 18 29 0a 84 e5 fa 8e 5c e3 90 Aug 26 13:22:42.913113: | e8 73 97 50 88 0b 52 c3 c1 8f b7 02 0e 82 93 a0 Aug 26 13:22:42.913114: | d7 8c ca c0 c5 d0 cb 2e c0 ff 20 e9 dc ad 09 b6 Aug 26 13:22:42.913116: | af 1d 43 fa cf 76 6b ac ab 38 21 49 b4 83 e5 ee Aug 26 13:22:42.913117: | 78 56 ce 05 4e 5c 4e ea 99 dd cb ad da 89 da ce Aug 26 13:22:42.913119: | 4a cc c9 97 fa 70 5a 89 3a 14 a7 db bb 15 a7 92 Aug 26 13:22:42.913121: | 1e a3 16 0a 9d 56 d3 b9 5e 16 74 31 fd fd 27 66 Aug 26 13:22:42.913122: | 7b 2c f8 31 ca a1 96 b5 0d 74 50 83 d1 95 87 7b Aug 26 13:22:42.913124: | 08 03 b9 28 7c 53 ff 79 56 0f 81 17 e9 a1 86 22 Aug 26 13:22:42.913125: | d0 67 46 43 2c 43 a2 b8 bb fc 64 83 a2 85 0a 89 Aug 26 13:22:42.913127: | 6f 7a 87 40 33 df e0 84 e2 60 c0 15 73 c2 75 70 Aug 26 13:22:42.913128: | 11 3a 01 e4 ad 2b 01 56 e8 2c aa 7d 70 0a 63 6b Aug 26 13:22:42.913130: | f9 e8 13 e0 97 a8 e0 1f 19 09 50 05 3f 2f 0e 67 Aug 26 13:22:42.913131: | 79 aa 46 a1 11 df 95 82 74 11 7a 26 25 47 f7 cd Aug 26 13:22:42.913133: | df 1b c8 b4 ab 4b a2 f0 d9 56 c7 f9 5e 50 f4 4a Aug 26 13:22:42.913135: | 92 45 52 12 07 c1 16 9d f3 51 63 fa 37 3a 85 81 Aug 26 13:22:42.913137: | 73 65 22 17 08 30 dd bd f2 da f8 8d fb 20 75 4f Aug 26 13:22:42.913139: | 35 bb de 76 9b 52 e7 ea 52 89 a3 08 34 14 be 4b Aug 26 13:22:42.913140: | 2b c3 b7 00 9f 82 f3 af 05 ae 82 5e 69 7f d0 4c Aug 26 13:22:42.913142: | b9 e9 cf c4 2e f2 ee 83 13 d6 cd 63 76 57 1e d7 Aug 26 13:22:42.913143: | 33 a3 0c 98 4c b0 fa 33 c1 a1 ee 6c f0 99 aa d9 Aug 26 13:22:42.913145: | 6f c8 20 8a 0c 82 a6 59 8a 65 c5 88 9e Aug 26 13:22:42.913147: | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) Aug 26 13:22:42.913149: | **parse ISAKMP Message: Aug 26 13:22:42.913150: | initiator cookie: Aug 26 13:22:42.913152: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.913153: | responder cookie: Aug 26 13:22:42.913155: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.913156: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Aug 26 13:22:42.913158: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.913160: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.913161: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Aug 26 13:22:42.913163: | Message ID: 1 (0x1) Aug 26 13:22:42.913164: | length: 397 (0x18d) Aug 26 13:22:42.913166: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Aug 26 13:22:42.913168: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Aug 26 13:22:42.913170: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Aug 26 13:22:42.913174: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2016) Aug 26 13:22:42.913177: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ike_process_packet() at ikev2.c:2062) Aug 26 13:22:42.913179: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Aug 26 13:22:42.913180: | #1 is idle Aug 26 13:22:42.913181: | #1 idle Aug 26 13:22:42.913184: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Aug 26 13:22:42.913186: | unpacking clear payload Aug 26 13:22:42.913187: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.913189: | ***parse IKEv2 Encrypted Fragment: Aug 26 13:22:42.913190: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.913192: | flags: none (0x0) Aug 26 13:22:42.913193: | length: 369 (0x171) Aug 26 13:22:42.913195: | fragment number: 5 (0x5) Aug 26 13:22:42.913197: | total fragments: 5 (0x5) Aug 26 13:22:42.913198: | processing payload: ISAKMP_NEXT_v2SKF (len=361) Aug 26 13:22:42.913200: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.913202: | received IKE encrypted fragment number '5', total number '5', next payload '0' Aug 26 13:22:42.913204: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:22:42.913206: | Now let's proceed with state specific processing Aug 26 13:22:42.913207: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Aug 26 13:22:42.913210: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Aug 26 13:22:42.913215: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Aug 26 13:22:42.913218: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Aug 26 13:22:42.913220: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:22:42.913223: | libevent_free: release ptr-libevent@0x559d8e1102a8 Aug 26 13:22:42.913225: | free_event_entry: release EVENT_SO_DISCARD-pe@0x559d8e1101c8 Aug 26 13:22:42.913227: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x559d8e1101c8 Aug 26 13:22:42.913230: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:22:42.913232: | libevent_malloc: new ptr-libevent@0x7f6f98002888 size 128 Aug 26 13:22:42.913242: | #1 spent 0.0311 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Aug 26 13:22:42.913246: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:22:42.913248: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Aug 26 13:22:42.913249: | crypto helper 1 resuming Aug 26 13:22:42.913250: | suspending state #1 and saving MD Aug 26 13:22:42.913271: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:22:42.913272: | #1 is busy; has a suspended MD Aug 26 13:22:42.913278: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Aug 26 13:22:42.913280: | [RE]START processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in log_stf_suspend() at ikev2.c:3269) Aug 26 13:22:42.913287: | "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3451 Aug 26 13:22:42.913297: | stop processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in ikev2_process_packet() at ikev2.c:2018) Aug 26 13:22:42.913302: | #1 spent 0.182 milliseconds in ikev2_process_packet() Aug 26 13:22:42.913306: | stop processing: from 192.1.3.209:500 (in process_md() at demux.c:380) Aug 26 13:22:42.913308: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:42.913310: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:42.913312: | spent 0.193 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.914042: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Aug 26 13:22:42.914470: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001191 seconds Aug 26 13:22:42.914485: | (#1) spent 1.19 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Aug 26 13:22:42.914489: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:22:42.914493: | scheduling resume sending helper answer for #1 Aug 26 13:22:42.914496: | libevent_malloc: new ptr-libevent@0x7f6f90000f48 size 128 Aug 26 13:22:42.914504: | crypto helper 1 waiting (nothing to do) Aug 26 13:22:42.914512: | processing resume sending helper answer for #1 Aug 26 13:22:42.914523: | start processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) Aug 26 13:22:42.914526: | crypto helper 1 replies to request ID 2 Aug 26 13:22:42.914528: | calling continuation function 0x559d8c15fb50 Aug 26 13:22:42.914530: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Aug 26 13:22:42.914533: | #1 in state PARENT_R1: received v2I1, sent v2R1 Aug 26 13:22:42.914535: | already have all fragments, skipping fragment collection Aug 26 13:22:42.914536: | already have all fragments, skipping fragment collection Aug 26 13:22:42.914566: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Aug 26 13:22:42.914568: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Aug 26 13:22:42.914571: | **parse IKEv2 Identification - Initiator - Payload: Aug 26 13:22:42.914588: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Aug 26 13:22:42.914589: | flags: none (0x0) Aug 26 13:22:42.914591: | length: 191 (0xbf) Aug 26 13:22:42.914593: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:22:42.914595: | processing payload: ISAKMP_NEXT_v2IDi (len=183) Aug 26 13:22:42.914596: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Aug 26 13:22:42.914599: | **parse IKEv2 Certificate Payload: Aug 26 13:22:42.914600: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Aug 26 13:22:42.914602: | flags: none (0x0) Aug 26 13:22:42.914604: | length: 1229 (0x4cd) Aug 26 13:22:42.914605: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:22:42.914607: | processing payload: ISAKMP_NEXT_v2CERT (len=1224) Aug 26 13:22:42.914612: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Aug 26 13:22:42.914614: | **parse IKEv2 Certificate Request Payload: Aug 26 13:22:42.914616: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:22:42.914617: | flags: none (0x0) Aug 26 13:22:42.914619: | length: 5 (0x5) Aug 26 13:22:42.914620: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:22:42.914622: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Aug 26 13:22:42.914624: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Aug 26 13:22:42.914625: | **parse IKEv2 Identification - Responder - Payload: Aug 26 13:22:42.914627: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Aug 26 13:22:42.914628: | flags: none (0x0) Aug 26 13:22:42.914630: | length: 191 (0xbf) Aug 26 13:22:42.914632: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:22:42.914633: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Aug 26 13:22:42.914635: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Aug 26 13:22:42.914637: | **parse IKEv2 Authentication Payload: Aug 26 13:22:42.914638: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:22:42.914640: | flags: none (0x0) Aug 26 13:22:42.914641: | length: 392 (0x188) Aug 26 13:22:42.914643: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:22:42.914658: | processing payload: ISAKMP_NEXT_v2AUTH (len=384) Aug 26 13:22:42.914659: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Aug 26 13:22:42.914661: | **parse IKEv2 Configuration Payload: Aug 26 13:22:42.914663: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:22:42.914664: | flags: none (0x0) Aug 26 13:22:42.914666: | length: 28 (0x1c) Aug 26 13:22:42.914667: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Aug 26 13:22:42.914669: | processing payload: ISAKMP_NEXT_v2CP (len=20) Aug 26 13:22:42.914670: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Aug 26 13:22:42.914672: | **parse IKEv2 Security Association Payload: Aug 26 13:22:42.914674: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Aug 26 13:22:42.914675: | flags: none (0x0) Aug 26 13:22:42.914677: | length: 164 (0xa4) Aug 26 13:22:42.914678: | processing payload: ISAKMP_NEXT_v2SA (len=160) Aug 26 13:22:42.914680: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Aug 26 13:22:42.914681: | **parse IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:22:42.914683: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Aug 26 13:22:42.914699: | flags: none (0x0) Aug 26 13:22:42.914701: | length: 24 (0x18) Aug 26 13:22:42.914703: | number of TS: 1 (0x1) Aug 26 13:22:42.914704: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Aug 26 13:22:42.914706: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Aug 26 13:22:42.914708: | **parse IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:22:42.914709: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.914711: | flags: none (0x0) Aug 26 13:22:42.914712: | length: 24 (0x18) Aug 26 13:22:42.914714: | number of TS: 1 (0x1) Aug 26 13:22:42.914715: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Aug 26 13:22:42.914717: | selected state microcode Responder: process IKE_AUTH request Aug 26 13:22:42.914719: | Now let's proceed with state specific processing Aug 26 13:22:42.914721: | calling processor Responder: process IKE_AUTH request Aug 26 13:22:42.914726: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,CP,SA,TSi,TSr} Aug 26 13:22:42.914730: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:22:42.914736: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:22:42.914739: loading root certificate cache Aug 26 13:22:42.917982: | spent 3.22 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:22:42.918010: | spent 0.0155 milliseconds in get_root_certs() filtering CAs Aug 26 13:22:42.918015: | #1 spent 3.27 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:22:42.918021: | checking for known CERT payloads Aug 26 13:22:42.918023: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:22:42.918468: | decoded cert: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:22:42.918478: | #1 spent 0.444 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:22:42.918481: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:22:42.918511: | #1 spent 0.0286 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:22:42.918514: | missing or expired CRL Aug 26 13:22:42.918517: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:22:42.918519: | verify_end_cert trying profile IPsec Aug 26 13:22:42.918591: | certificate is valid (profile IPsec) Aug 26 13:22:42.918597: | #1 spent 0.0792 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:22:42.918602: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: certificate verified OK: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:22:42.918667: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e11a3b8 Aug 26 13:22:42.918671: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e1235c8 Aug 26 13:22:42.918673: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x559d8e122c08 Aug 26 13:22:42.918760: | unreference key: 0x559d8e11a2c8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- Aug 26 13:22:42.918767: | #1 spent 0.162 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:22:42.918770: | #1 spent 4.01 milliseconds in decode_certs() Aug 26 13:22:42.918773: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:22:42.918774: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:22:42.918776: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:22:42.918777: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:22:42.918779: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:22:42.918781: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:22:42.918782: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 Aug 26 13:22:42.918784: | DER ASN1 DN: 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.918785: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:22:42.918787: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 Aug 26 13:22:42.918788: | DER ASN1 DN: 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.918790: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 13:22:42.918791: | received IDr payload - extracting our alleged ID Aug 26 13:22:42.918793: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:22:42.918795: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:22:42.918796: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:22:42.918798: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:22:42.918799: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:22:42.918801: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:22:42.918802: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:22:42.918804: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.918805: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:22:42.918807: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:22:42.918808: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.918812: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 13:22:42.918815: | ID_DER_ASN1_DN '%fromcert' does not need further ID verification Aug 26 13:22:42.918816: | stomping on peer_id Aug 26 13:22:42.918818: | X509: CERT and ID matches current connection Aug 26 13:22:42.918820: | CERT_X509_SIGNATURE CR: Aug 26 13:22:42.918822: | Aug 26 13:22:42.918823: | requested CA: '%any' Aug 26 13:22:42.918826: | refine_host_connection for IKEv2: starting with "rw-east-pool-x509-ipv4"[1] 192.1.3.209 Aug 26 13:22:42.918831: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.918837: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org Aug 26 13:22:42.918839: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org Aug 26 13:22:42.918841: | results matched Aug 26 13:22:42.918844: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.918848: | refine_host_connection: checking "rw-east-pool-x509-ipv4"[1] 192.1.3.209 against "rw-east-pool-x509-ipv4"[1] 192.1.3.209, best=(none) with match=1(id=1(0)/ca=1(7)/reqca=1(0)) Aug 26 13:22:42.918850: | Warning: not switching back to template of current instance Aug 26 13:22:42.918854: | Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload Aug 26 13:22:42.918857: | This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) Aug 26 13:22:42.918864: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:22:42.918867: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 13:22:42.918870: | refine_host_connection: checked rw-east-pool-x509-ipv4[1] 192.1.3.209 against rw-east-pool-x509-ipv4[1] 192.1.3.209, now for see if best Aug 26 13:22:42.918876: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_RSA Aug 26 13:22:42.918909: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:22:42.918915: | refine_host_connection: picking new best "rw-east-pool-x509-ipv4"[1] 192.1.3.209 (wild=0, peer_pathlen=7/our=0) Aug 26 13:22:42.918916: | refine going into 2nd loop allowing instantiated conns as well Aug 26 13:22:42.918920: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Aug 26 13:22:42.918925: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org Aug 26 13:22:42.918926: | b=%fromcert Aug 26 13:22:42.918928: | results fail Aug 26 13:22:42.918931: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.918934: | refine_host_connection: checking "rw-east-pool-x509-ipv4"[1] 192.1.3.209 against "rw-east-pool-x509-ipv4", best=rw-east-pool-x509-ipv4 with match=0(id=0(0)/ca=1(7)/reqca=1(0)) Aug 26 13:22:42.918936: | Warning: not switching back to template of current instance Aug 26 13:22:42.918940: | Peer expects us to be C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) according to its IDr payload Aug 26 13:22:42.918945: | This connection's local id is C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org (ID_DER_ASN1_DN) Aug 26 13:22:42.918951: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: No matching subjectAltName found for '=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:22:42.918953: | IDr payload 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' is NOT a valid certificate SAN for this connection Aug 26 13:22:42.918956: | refine_host_connection: checked rw-east-pool-x509-ipv4[1] 192.1.3.209 against rw-east-pool-x509-ipv4, now for see if best Aug 26 13:22:42.918960: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_RSA Aug 26 13:22:42.918991: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:22:42.918995: | returning since no better match than original best_found Aug 26 13:22:42.918999: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.919003: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' Aug 26 13:22:42.919020: | received CERTREQ payload; going to decode it Aug 26 13:22:42.919022: | CERT_X509_SIGNATURE CR: Aug 26 13:22:42.919024: | Aug 26 13:22:42.919025: | requested CA: '%any' Aug 26 13:22:42.919027: | verifying AUTH payload Aug 26 13:22:42.919035: | required RSA CA is '%any' Aug 26 13:22:42.919041: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' Aug 26 13:22:42.919045: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.919048: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:42.919148: | an RSA Sig check passed with *AwEAAd7rc [remote certificates] Aug 26 13:22:42.919152: | #1 spent 0.101 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:22:42.919155: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: Authenticated using RSA Aug 26 13:22:42.919158: | #1 spent 0.128 milliseconds in ikev2_verify_rsa_hash() Aug 26 13:22:42.919161: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Aug 26 13:22:42.919164: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:22:42.919166: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:42.919170: | libevent_free: release ptr-libevent@0x7f6f98002888 Aug 26 13:22:42.919172: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x559d8e1101c8 Aug 26 13:22:42.919174: | event_schedule: new EVENT_SA_REKEY-pe@0x559d8e1101c8 Aug 26 13:22:42.919176: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Aug 26 13:22:42.919178: | libevent_malloc: new ptr-libevent@0x559d8e12edd8 size 128 Aug 26 13:22:42.919254: | pstats #1 ikev2.ike established Aug 26 13:22:42.919265: | **emit ISAKMP Message: Aug 26 13:22:42.919268: | initiator cookie: Aug 26 13:22:42.919271: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.919274: | responder cookie: Aug 26 13:22:42.919276: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.919281: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.919285: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.919313: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.919320: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.919323: | Message ID: 1 (0x1) Aug 26 13:22:42.919327: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.919330: | IKEv2 CERT: send a certificate? Aug 26 13:22:42.919333: | IKEv2 CERT: OK to send a certificate (always) Aug 26 13:22:42.919337: | ***emit IKEv2 Encryption Payload: Aug 26 13:22:42.919340: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.919356: | flags: none (0x0) Aug 26 13:22:42.919358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Aug 26 13:22:42.919360: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.919363: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Aug 26 13:22:42.919368: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:22:42.919378: | ****emit IKEv2 Identification - Responder - Payload: Aug 26 13:22:42.919380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.919382: | flags: none (0x0) Aug 26 13:22:42.919384: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:22:42.919386: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Aug 26 13:22:42.919388: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.919390: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Aug 26 13:22:42.919392: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:22:42.919393: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:22:42.919395: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:22:42.919396: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:22:42.919398: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:22:42.919399: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:22:42.919401: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:22:42.919402: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.919404: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:22:42.919405: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:22:42.919407: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:22:42.919408: | my identity 77 61 6e 2e 6f 72 67 Aug 26 13:22:42.919410: | emitting length of IKEv2 Identification - Responder - Payload: 191 Aug 26 13:22:42.919416: | assembled IDr payload Aug 26 13:22:42.919418: | Sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:22:42.919420: | ****emit IKEv2 Certificate Payload: Aug 26 13:22:42.919422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.919423: | flags: none (0x0) Aug 26 13:22:42.919425: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:22:42.919427: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Aug 26 13:22:42.919429: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.919431: | emitting 1260 raw bytes of CERT into IKEv2 Certificate Payload Aug 26 13:22:42.919432: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Aug 26 13:22:42.919434: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 13:22:42.919437: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 13:22:42.919439: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 13:22:42.919440: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 13:22:42.919442: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 13:22:42.919443: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 13:22:42.919445: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 13:22:42.919446: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 13:22:42.919448: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 13:22:42.919449: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 13:22:42.919451: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 13:22:42.919452: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 13:22:42.919454: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 13:22:42.919455: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 13:22:42.919457: | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 13:22:42.919458: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 13:22:42.919460: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 13:22:42.919461: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 13:22:42.919463: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 13:22:42.919464: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 13:22:42.919465: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Aug 26 13:22:42.919467: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:22:42.919468: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Aug 26 13:22:42.919470: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Aug 26 13:22:42.919471: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:22:42.919473: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Aug 26 13:22:42.919474: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Aug 26 13:22:42.919476: | CERT 00 30 82 01 8a 02 82 01 81 00 b1 1e 7c b3 bf 11 Aug 26 13:22:42.919477: | CERT 96 94 23 ca 97 5e c7 66 36 55 71 49 95 8d 0c 2a Aug 26 13:22:42.919479: | CERT 5c 30 4d 58 29 a3 7b 4d 3b 3f 03 06 46 a6 04 63 Aug 26 13:22:42.919480: | CERT 71 0d e1 59 4f 9c ec 3a 17 24 8d 91 6a a8 e2 da Aug 26 13:22:42.919482: | CERT 57 41 de f4 ff 65 bf f6 11 34 d3 7d 5a 7f 6e 3a Aug 26 13:22:42.919483: | CERT 3b 74 3c 51 2b e4 bf ce 6b b2 14 47 26 52 f5 57 Aug 26 13:22:42.919485: | CERT 28 bc c5 fb f9 bc 2d 4e b9 f8 46 54 c7 95 41 a7 Aug 26 13:22:42.919486: | CERT a4 b4 d3 b3 fe 55 4b df f5 c3 78 39 8b 4e 04 57 Aug 26 13:22:42.919488: | CERT c0 1d 5b 17 3c 28 eb 40 9d 1d 7c b3 bb 0f f0 63 Aug 26 13:22:42.919489: | CERT c7 c0 84 b0 4e e4 a9 7c c5 4b 08 43 a6 2d 00 22 Aug 26 13:22:42.919491: | CERT fd 98 d4 03 d0 ad 97 85 d1 48 15 d3 e4 e5 2d 46 Aug 26 13:22:42.919492: | CERT 7c ab 41 97 05 27 61 77 3d b6 b1 58 a0 5f e0 8d Aug 26 13:22:42.919494: | CERT 26 84 9b 03 20 ce 5e 27 7f 7d 14 03 b6 9d 6b 9f Aug 26 13:22:42.919495: | CERT fd 0c d4 c7 2d eb be ea 62 87 fa 99 e0 a6 1c 85 Aug 26 13:22:42.919497: | CERT 4f 34 da 93 2e 5f db 03 10 58 a8 c4 99 17 2d b1 Aug 26 13:22:42.919498: | CERT bc e5 7b bd af 0e 28 aa a5 74 ea 69 74 5e fa 2c Aug 26 13:22:42.919500: | CERT c3 00 3c 2f 58 d0 20 cf e3 46 8d de aa f9 f7 30 Aug 26 13:22:42.919501: | CERT 5c 16 05 04 89 4c 92 9b 8a 33 11 70 83 17 58 24 Aug 26 13:22:42.919503: | CERT 2a 4b ab be b6 ec 84 9c 78 9c 11 04 2a 02 ce 27 Aug 26 13:22:42.919504: | CERT 83 a1 1f 2b 38 3f 27 7d 46 94 63 ff 64 59 4e 6c Aug 26 13:22:42.919506: | CERT 87 ca 3e e6 31 df 1e 7d 48 88 02 c7 9d fa 4a d7 Aug 26 13:22:42.919507: | CERT f2 5b a5 fd 7f 1b c6 dc 1a bb a6 c4 f8 32 cd bf Aug 26 13:22:42.919508: | CERT a7 0b 71 8b 2b 31 41 17 25 a4 18 52 7d 32 fc 0f Aug 26 13:22:42.919511: | CERT 5f b8 bb ca e1 94 1a 42 4d 1f 37 16 67 84 ae b4 Aug 26 13:22:42.919512: | CERT 32 42 9c 5a 91 71 62 b4 4b 07 02 03 01 00 01 a3 Aug 26 13:22:42.919514: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Aug 26 13:22:42.919515: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Aug 26 13:22:42.919517: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:22:42.919518: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Aug 26 13:22:42.919520: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 13:22:42.919521: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Aug 26 13:22:42.919523: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Aug 26 13:22:42.919524: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Aug 26 13:22:42.919526: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Aug 26 13:22:42.919527: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Aug 26 13:22:42.919529: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 13:22:42.919530: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 13:22:42.919532: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Aug 26 13:22:42.919533: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Aug 26 13:22:42.919535: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 13:22:42.919536: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Aug 26 13:22:42.919538: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Aug 26 13:22:42.919539: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 3a 56 a3 7d Aug 26 13:22:42.919541: | CERT b1 4e 62 2f 82 0d e3 fe 74 40 ef cb eb 93 ea ad Aug 26 13:22:42.919542: | CERT e4 74 8b 80 6f ae 8b 65 87 12 a6 24 0d 21 9c 5f Aug 26 13:22:42.919544: | CERT 70 5c 6f d9 66 8d 98 8b ea 59 f8 96 52 6a 6c 86 Aug 26 13:22:42.919545: | CERT d6 7d ba 37 a9 8c 33 8c 77 18 23 0b 1b 2a 66 47 Aug 26 13:22:42.919547: | CERT e7 95 94 e6 75 84 30 d4 db b8 23 eb 89 82 a9 fd Aug 26 13:22:42.919548: | CERT ed 46 8b ce 46 7f f9 19 8f 49 da 29 2e 1e 97 cd Aug 26 13:22:42.919550: | CERT 12 42 86 c7 57 fc 4f 0a 19 26 8a a1 0d 26 81 4d Aug 26 13:22:42.919551: | CERT 53 f4 5c 92 a1 03 03 8d 6c 51 33 cc Aug 26 13:22:42.919553: | emitting length of IKEv2 Certificate Payload: 1265 Aug 26 13:22:42.919555: | CHILD SA proposals received Aug 26 13:22:42.919556: | going to assemble AUTH payload Aug 26 13:22:42.919558: | ****emit IKEv2 Authentication Payload: Aug 26 13:22:42.919560: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Aug 26 13:22:42.919576: | flags: none (0x0) Aug 26 13:22:42.919578: | auth method: IKEv2_AUTH_RSA (0x1) Aug 26 13:22:42.919583: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 47:ISAKMP_NEXT_v2CP Aug 26 13:22:42.919588: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Aug 26 13:22:42.919592: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.919605: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_RSA Aug 26 13:22:42.919680: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:22:42.925850: | #1 spent 6.12 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Aug 26 13:22:42.925861: | emitting 384 raw bytes of rsa signature into IKEv2 Authentication Payload Aug 26 13:22:42.925863: | rsa signature 76 f6 5b c0 e0 2d c1 85 92 e1 89 e3 81 c1 8c a9 Aug 26 13:22:42.925865: | rsa signature b3 a8 72 07 6a 45 8b ed 80 ed ca 9e b2 81 c6 fc Aug 26 13:22:42.925867: | rsa signature 50 a0 48 b4 af 99 c5 ab 0e 00 37 96 77 d5 20 fe Aug 26 13:22:42.925871: | rsa signature 72 b0 c3 e7 a2 cc 3d ad 45 cb b1 7b ef c6 71 3f Aug 26 13:22:42.925873: | rsa signature 21 ef 86 13 42 84 bc 56 a5 66 c6 a1 88 dc c2 87 Aug 26 13:22:42.925874: | rsa signature db d4 98 21 ff d6 09 0d 17 8f 31 f1 9f e8 fc 1a Aug 26 13:22:42.925876: | rsa signature 92 4f 50 5b 21 89 ff 07 28 9a ef 36 9d d2 d6 82 Aug 26 13:22:42.925877: | rsa signature 6c 53 47 39 93 7b f7 89 82 ff 4b 47 51 6f 0c 39 Aug 26 13:22:42.925879: | rsa signature 34 f5 ec 98 06 d5 bb d4 89 47 71 02 2a bf a4 97 Aug 26 13:22:42.925880: | rsa signature 2c 6a 6f c2 ec 80 3e e3 bf 3b 27 d5 fd 3c 44 02 Aug 26 13:22:42.925882: | rsa signature 70 3b 71 40 ab f5 9c 76 e1 41 3c fb c2 90 0d a9 Aug 26 13:22:42.925883: | rsa signature 13 8b 02 30 5c 6c 17 69 d9 72 01 b9 40 0e f6 04 Aug 26 13:22:42.925885: | rsa signature 23 14 af 53 7a 72 b6 7b fc 85 b0 12 54 5d fc fc Aug 26 13:22:42.925886: | rsa signature 74 02 c4 6d c9 aa fe 27 b1 9c 38 08 8f 0e 26 ac Aug 26 13:22:42.925888: | rsa signature ab a3 f6 2e 45 45 83 bb 8d 09 99 2d e6 85 47 1b Aug 26 13:22:42.925889: | rsa signature 91 14 75 e9 47 e2 36 7d f1 c8 d4 d5 56 87 e0 ce Aug 26 13:22:42.925891: | rsa signature c7 35 51 1a 09 5c c4 de 77 0d ff 47 ad 2a 05 f3 Aug 26 13:22:42.925892: | rsa signature dc fc 4b 1c b6 67 69 dd 24 3c 71 e4 10 de 38 33 Aug 26 13:22:42.925894: | rsa signature 9b 61 63 27 b4 b1 98 20 fc 21 fa 67 6d 63 d8 3b Aug 26 13:22:42.925895: | rsa signature 52 0c 57 57 26 24 19 e3 47 88 41 ef 19 66 79 f7 Aug 26 13:22:42.925897: | rsa signature 2d 8f 8a 31 96 69 33 fb fa 82 28 67 c5 72 1d 25 Aug 26 13:22:42.925898: | rsa signature aa f9 d9 70 2c 2b 3f 86 f5 44 88 1a d0 79 e3 63 Aug 26 13:22:42.925900: | rsa signature 58 43 66 69 c2 b5 f4 66 2f ab 76 55 83 76 e7 3d Aug 26 13:22:42.925901: | rsa signature 0c 01 e1 4c e5 85 33 fc af 85 2e 99 2c b0 6c b4 Aug 26 13:22:42.925904: | #1 spent 6.27 milliseconds in ikev2_calculate_rsa_hash() Aug 26 13:22:42.925906: | emitting length of IKEv2 Authentication Payload: 392 Aug 26 13:22:42.925915: | request lease from addresspool 192.0.2.100-192.0.2.199 reference count 2 thatid '' that.client.addr 192.1.3.209 Aug 26 13:22:42.925917: | addresspool can share this lease Aug 26 13:22:42.925921: | in share_lease: no lingering addresspool lease for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' Aug 26 13:22:42.925922: | addresspool can share this lease Aug 26 13:22:42.925924: | New lease from addresspool index 0 Aug 26 13:22:42.925930: | new lease 192.0.2.100 from addresspool 192.0.2.100-192.0.2.199 to that.client.addr 192.1.3.209 thatid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' Aug 26 13:22:42.925934: | creating state object #2 at 0x559d8e125428 Aug 26 13:22:42.925937: | State DB: adding IKEv2 state #2 in UNDEFINED Aug 26 13:22:42.925940: | pstats #2 ikev2.child started Aug 26 13:22:42.925943: | duplicating state object #1 "rw-east-pool-x509-ipv4"[1] 192.1.3.209 as #2 for IPSEC SA Aug 26 13:22:42.925947: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:42.925951: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Aug 26 13:22:42.925955: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Aug 26 13:22:42.925957: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Aug 26 13:22:42.925960: | Send Configuration Payload reply Aug 26 13:22:42.925961: | ****emit IKEv2 Configuration Payload: Aug 26 13:22:42.925963: | next payload type: ISAKMP_NEXT_v2SA (0x21) Aug 26 13:22:42.925965: | flags: none (0x0) Aug 26 13:22:42.925968: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Aug 26 13:22:42.925971: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Aug 26 13:22:42.925973: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Aug 26 13:22:42.925975: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.925977: | *****emit IKEv2 Configuration Payload Attribute: Aug 26 13:22:42.925979: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Aug 26 13:22:42.925981: | emitting 4 raw bytes of Internal IP Address into IKEv2 Configuration Payload Attribute Aug 26 13:22:42.925983: | Internal IP Address c0 00 02 64 Aug 26 13:22:42.925984: | emitting length of IKEv2 Configuration Payload Attribute: 4 Aug 26 13:22:42.925986: | emitting length of IKEv2 Configuration Payload: 16 Aug 26 13:22:42.925989: | constructing ESP/AH proposals with all DH removed for rw-east-pool-x509-ipv4 (IKE_AUTH responder matching remote ESP/AH proposals) Aug 26 13:22:42.925992: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Aug 26 13:22:42.925997: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:22:42.925999: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Aug 26 13:22:42.926002: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Aug 26 13:22:42.926004: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:22:42.926006: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:22:42.926008: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Aug 26 13:22:42.926011: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:22:42.926016: "rw-east-pool-x509-ipv4"[1] 192.1.3.209: constructed local ESP/AH proposals for rw-east-pool-x509-ipv4 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Aug 26 13:22:42.926018: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Aug 26 13:22:42.926021: | local proposal 1 type ENCR has 1 transforms Aug 26 13:22:42.926022: | local proposal 1 type PRF has 0 transforms Aug 26 13:22:42.926024: | local proposal 1 type INTEG has 1 transforms Aug 26 13:22:42.926026: | local proposal 1 type DH has 1 transforms Aug 26 13:22:42.926027: | local proposal 1 type ESN has 1 transforms Aug 26 13:22:42.926029: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:22:42.926031: | local proposal 2 type ENCR has 1 transforms Aug 26 13:22:42.926033: | local proposal 2 type PRF has 0 transforms Aug 26 13:22:42.926034: | local proposal 2 type INTEG has 1 transforms Aug 26 13:22:42.926036: | local proposal 2 type DH has 1 transforms Aug 26 13:22:42.926037: | local proposal 2 type ESN has 1 transforms Aug 26 13:22:42.926039: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Aug 26 13:22:42.926041: | local proposal 3 type ENCR has 1 transforms Aug 26 13:22:42.926042: | local proposal 3 type PRF has 0 transforms Aug 26 13:22:42.926044: | local proposal 3 type INTEG has 2 transforms Aug 26 13:22:42.926045: | local proposal 3 type DH has 1 transforms Aug 26 13:22:42.926047: | local proposal 3 type ESN has 1 transforms Aug 26 13:22:42.926049: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:22:42.926050: | local proposal 4 type ENCR has 1 transforms Aug 26 13:22:42.926052: | local proposal 4 type PRF has 0 transforms Aug 26 13:22:42.926054: | local proposal 4 type INTEG has 2 transforms Aug 26 13:22:42.926056: | local proposal 4 type DH has 1 transforms Aug 26 13:22:42.926058: | local proposal 4 type ESN has 1 transforms Aug 26 13:22:42.926059: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Aug 26 13:22:42.926062: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.926064: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.926065: | length: 32 (0x20) Aug 26 13:22:42.926067: | prop #: 1 (0x1) Aug 26 13:22:42.926068: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:22:42.926070: | spi size: 4 (0x4) Aug 26 13:22:42.926072: | # transforms: 2 (0x2) Aug 26 13:22:42.926074: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:22:42.926075: | remote SPI 04 87 6b 3d Aug 26 13:22:42.926077: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Aug 26 13:22:42.926079: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926083: | length: 12 (0xc) Aug 26 13:22:42.926084: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.926086: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.926088: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.926089: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.926091: | length/value: 256 (0x100) Aug 26 13:22:42.926094: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Aug 26 13:22:42.926095: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926097: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.926099: | length: 8 (0x8) Aug 26 13:22:42.926100: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:22:42.926102: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:22:42.926104: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Aug 26 13:22:42.926106: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Aug 26 13:22:42.926108: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Aug 26 13:22:42.926110: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Aug 26 13:22:42.926112: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Aug 26 13:22:42.926115: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Aug 26 13:22:42.926116: | remote proposal 1 matches local proposal 1 Aug 26 13:22:42.926118: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.926120: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.926136: | length: 32 (0x20) Aug 26 13:22:42.926138: | prop #: 2 (0x2) Aug 26 13:22:42.926140: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:22:42.926141: | spi size: 4 (0x4) Aug 26 13:22:42.926143: | # transforms: 2 (0x2) Aug 26 13:22:42.926145: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:22:42.926146: | remote SPI 04 87 6b 3d Aug 26 13:22:42.926148: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.926150: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926153: | length: 12 (0xc) Aug 26 13:22:42.926155: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.926156: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.926158: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.926160: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.926161: | length/value: 128 (0x80) Aug 26 13:22:42.926163: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926165: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.926167: | length: 8 (0x8) Aug 26 13:22:42.926169: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:22:42.926171: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:22:42.926173: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Aug 26 13:22:42.926175: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Aug 26 13:22:42.926176: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.926178: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Aug 26 13:22:42.926180: | length: 48 (0x30) Aug 26 13:22:42.926181: | prop #: 3 (0x3) Aug 26 13:22:42.926183: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:22:42.926184: | spi size: 4 (0x4) Aug 26 13:22:42.926186: | # transforms: 4 (0x4) Aug 26 13:22:42.926188: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:22:42.926189: | remote SPI 04 87 6b 3d Aug 26 13:22:42.926191: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.926193: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926196: | length: 12 (0xc) Aug 26 13:22:42.926197: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.926199: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:22:42.926201: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.926202: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.926204: | length/value: 256 (0x100) Aug 26 13:22:42.926206: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926209: | length: 8 (0x8) Aug 26 13:22:42.926210: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.926212: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:22:42.926214: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926215: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926217: | length: 8 (0x8) Aug 26 13:22:42.926219: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.926220: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:22:42.926222: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926223: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.926225: | length: 8 (0x8) Aug 26 13:22:42.926227: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:22:42.926228: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:22:42.926230: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:22:42.926232: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:22:42.926234: | ***parse IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.926236: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:22:42.926237: | length: 48 (0x30) Aug 26 13:22:42.926239: | prop #: 4 (0x4) Aug 26 13:22:42.926240: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:22:42.926242: | spi size: 4 (0x4) Aug 26 13:22:42.926243: | # transforms: 4 (0x4) Aug 26 13:22:42.926245: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Aug 26 13:22:42.926247: | remote SPI 04 87 6b 3d Aug 26 13:22:42.926248: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Aug 26 13:22:42.926250: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926253: | length: 12 (0xc) Aug 26 13:22:42.926255: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.926256: | IKEv2 transform ID: AES_CBC (0xc) Aug 26 13:22:42.926258: | *****parse IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.926260: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.926261: | length/value: 128 (0x80) Aug 26 13:22:42.926263: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926267: | length: 8 (0x8) Aug 26 13:22:42.926269: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.926271: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Aug 26 13:22:42.926272: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926275: | length: 8 (0x8) Aug 26 13:22:42.926277: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Aug 26 13:22:42.926279: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Aug 26 13:22:42.926280: | ****parse IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926282: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.926283: | length: 8 (0x8) Aug 26 13:22:42.926285: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:22:42.926287: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:22:42.926293: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Aug 26 13:22:42.926298: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Aug 26 13:22:42.926303: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #1: proposal 1:ESP:SPI=04876b3d;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Aug 26 13:22:42.926306: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=04876b3d;ENCR=AES_GCM_C_256;ESN=DISABLED Aug 26 13:22:42.926308: | converting proposal to internal trans attrs Aug 26 13:22:42.926353: | netlink_get_spi: allocated 0xeff6eab1 for esp.0@192.1.2.23 Aug 26 13:22:42.926355: | Emitting ikev2_proposal ... Aug 26 13:22:42.926357: | ****emit IKEv2 Security Association Payload: Aug 26 13:22:42.926358: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.926360: | flags: none (0x0) Aug 26 13:22:42.926362: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Aug 26 13:22:42.926364: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.926366: | *****emit IKEv2 Proposal Substructure Payload: Aug 26 13:22:42.926368: | last proposal: v2_PROPOSAL_LAST (0x0) Aug 26 13:22:42.926370: | prop #: 1 (0x1) Aug 26 13:22:42.926371: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Aug 26 13:22:42.926373: | spi size: 4 (0x4) Aug 26 13:22:42.926374: | # transforms: 2 (0x2) Aug 26 13:22:42.926376: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Aug 26 13:22:42.926378: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Aug 26 13:22:42.926380: | our spi ef f6 ea b1 Aug 26 13:22:42.926382: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926385: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Aug 26 13:22:42.926387: | IKEv2 transform ID: AES_GCM_C (0x14) Aug 26 13:22:42.926389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:22:42.926390: | *******emit IKEv2 Attribute Substructure Payload: Aug 26 13:22:42.926392: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Aug 26 13:22:42.926407: | length/value: 256 (0x100) Aug 26 13:22:42.926409: | emitting length of IKEv2 Transform Substructure Payload: 12 Aug 26 13:22:42.926410: | ******emit IKEv2 Transform Substructure Payload: Aug 26 13:22:42.926412: | last transform: v2_TRANSFORM_LAST (0x0) Aug 26 13:22:42.926413: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Aug 26 13:22:42.926433: | IKEv2 transform ID: ESN_DISABLED (0x0) Aug 26 13:22:42.926435: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Aug 26 13:22:42.926437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Aug 26 13:22:42.926452: | emitting length of IKEv2 Transform Substructure Payload: 8 Aug 26 13:22:42.926454: | emitting length of IKEv2 Proposal Substructure Payload: 32 Aug 26 13:22:42.926455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Aug 26 13:22:42.926457: | emitting length of IKEv2 Security Association Payload: 36 Aug 26 13:22:42.926459: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Aug 26 13:22:42.926461: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Aug 26 13:22:42.926462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.926464: | flags: none (0x0) Aug 26 13:22:42.926466: | number of TS: 1 (0x1) Aug 26 13:22:42.926468: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Aug 26 13:22:42.926470: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.926471: | *****emit IKEv2 Traffic Selector: Aug 26 13:22:42.926473: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:22:42.926475: | IP Protocol ID: 0 (0x0) Aug 26 13:22:42.926476: | start port: 0 (0x0) Aug 26 13:22:42.926478: | end port: 65535 (0xffff) Aug 26 13:22:42.926480: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:22:42.926482: | ipv4 start c0 00 02 64 Aug 26 13:22:42.926483: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:22:42.926485: | ipv4 end c0 00 02 64 Aug 26 13:22:42.926486: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:22:42.926488: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Aug 26 13:22:42.926490: | ****emit IKEv2 Traffic Selector - Responder - Payload: Aug 26 13:22:42.926491: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.926493: | flags: none (0x0) Aug 26 13:22:42.926494: | number of TS: 1 (0x1) Aug 26 13:22:42.926496: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Aug 26 13:22:42.926498: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Aug 26 13:22:42.926500: | *****emit IKEv2 Traffic Selector: Aug 26 13:22:42.926501: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Aug 26 13:22:42.926518: | IP Protocol ID: 0 (0x0) Aug 26 13:22:42.926519: | start port: 0 (0x0) Aug 26 13:22:42.926521: | end port: 65535 (0xffff) Aug 26 13:22:42.926523: | emitting 4 raw bytes of ipv4 start into IKEv2 Traffic Selector Aug 26 13:22:42.926524: | ipv4 start 00 00 00 00 Aug 26 13:22:42.926526: | emitting 4 raw bytes of ipv4 end into IKEv2 Traffic Selector Aug 26 13:22:42.926527: | ipv4 end ff ff ff ff Aug 26 13:22:42.926529: | emitting length of IKEv2 Traffic Selector: 16 Aug 26 13:22:42.926531: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Aug 26 13:22:42.926532: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Aug 26 13:22:42.926535: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Aug 26 13:22:42.926686: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:22:42.926690: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:22:42.926693: | could_route called for rw-east-pool-x509-ipv4 (kind=CK_INSTANCE) Aug 26 13:22:42.926695: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:42.926698: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 vs Aug 26 13:22:42.926700: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 Aug 26 13:22:42.926702: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 vs Aug 26 13:22:42.926704: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 Aug 26 13:22:42.926707: | route owner of "rw-east-pool-x509-ipv4"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 13:22:42.926709: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:22:42.926712: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:22:42.926714: | AES_GCM_16 requires 4 salt bytes Aug 26 13:22:42.926716: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:22:42.926718: | setting IPsec SA replay-window to 32 Aug 26 13:22:42.926720: | NIC esp-hw-offload not for connection 'rw-east-pool-x509-ipv4' not available on interface eth1 Aug 26 13:22:42.926723: | netlink: enabling tunnel mode Aug 26 13:22:42.926725: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:42.926726: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:42.926784: | netlink response for Add SA esp.4876b3d@192.1.3.209 included non-error error Aug 26 13:22:42.926786: | set up outgoing SA, ref=0/0 Aug 26 13:22:42.926806: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Aug 26 13:22:42.926812: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Aug 26 13:22:42.926815: | AES_GCM_16 requires 4 salt bytes Aug 26 13:22:42.926818: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Aug 26 13:22:42.926823: | setting IPsec SA replay-window to 32 Aug 26 13:22:42.926826: | NIC esp-hw-offload not for connection 'rw-east-pool-x509-ipv4' not available on interface eth1 Aug 26 13:22:42.926830: | netlink: enabling tunnel mode Aug 26 13:22:42.926833: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:42.926836: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:42.926877: | netlink response for Add SA esp.eff6eab1@192.1.2.23 included non-error error Aug 26 13:22:42.926884: | priority calculation of connection "rw-east-pool-x509-ipv4" is 0xfffdf Aug 26 13:22:42.926892: | add inbound eroute 192.0.2.100/32:0 --0-> 0.0.0.0/0:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:42.926897: | IPsec Sa SPD priority set to 1048543 Aug 26 13:22:42.926922: | raw_eroute result=success Aug 26 13:22:42.926926: | set up incoming SA, ref=0/0 Aug 26 13:22:42.926930: | sr for #2: unrouted Aug 26 13:22:42.926933: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:22:42.926937: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:42.926941: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 vs Aug 26 13:22:42.926944: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 Aug 26 13:22:42.926948: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 vs Aug 26 13:22:42.926951: | conn rw-east-pool-x509-ipv4 mark 0/00000000, 0/00000000 Aug 26 13:22:42.926957: | route owner of "rw-east-pool-x509-ipv4"[1] 192.1.3.209 unrouted: NULL; eroute owner: NULL Aug 26 13:22:42.926961: | route_and_eroute with c: rw-east-pool-x509-ipv4 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:22:42.926963: | priority calculation of connection "rw-east-pool-x509-ipv4" is 0xfffdf Aug 26 13:22:42.926968: | eroute_connection add eroute 0.0.0.0/0:0 --0-> 192.0.2.100/32:0 => tun.0@192.1.3.209 (raw_eroute) Aug 26 13:22:42.926970: | IPsec Sa SPD priority set to 1048543 Aug 26 13:22:42.926980: | raw_eroute result=success Aug 26 13:22:42.926983: | running updown command "ipsec _updown" for verb up Aug 26 13:22:42.926997: | command executing up-client Aug 26 13:22:42.927044: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x509-ipv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY= Aug 26 13:22:42.927051: | popen cmd is 1278 chars long Aug 26 13:22:42.927054: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x509-i: Aug 26 13:22:42.927056: | cmd( 80):pv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' P: Aug 26 13:22:42.927058: | cmd( 160):LUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas: Aug 26 13:22:42.927060: | cmd( 240):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0: Aug 26 13:22:42.927061: | cmd( 320):.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PO: Aug 26 13:22:42.927063: | cmd( 400):RT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PE: Aug 26 13:22:42.927065: | cmd( 480):ER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: Aug 26 13:22:42.927066: | cmd( 560):t Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' : Aug 26 13:22:42.927068: | cmd( 640):PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEE: Aug 26 13:22:42.927070: | cmd( 720):R_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:22:42.927071: | cmd( 800):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Aug 26 13:22:42.927073: | cmd( 880):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Aug 26 13:22:42.927075: | cmd( 960):'CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0: Aug 26 13:22:42.927077: | cmd(1040):' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF: Aug 26 13:22:42.927078: | cmd(1120):G_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTI: Aug 26 13:22:42.927080: | cmd(1200):NG='no' VTI_SHARED='no' SPI_IN=0x4876b3d SPI_OUT=0xeff6eab1 ipsec _updown 2>&1: Aug 26 13:22:42.934477: | route_and_eroute: firewall_notified: true Aug 26 13:22:42.934495: | running updown command "ipsec _updown" for verb prepare Aug 26 13:22:42.934498: | command executing prepare-client Aug 26 13:22:42.934528: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x509-ipv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_A Aug 26 13:22:42.934531: | popen cmd is 1283 chars long Aug 26 13:22:42.934533: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x: Aug 26 13:22:42.934539: | cmd( 80):509-ipv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.: Aug 26 13:22:42.934541: | cmd( 160):23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, C: Aug 26 13:22:42.934543: | cmd( 240):N=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT: Aug 26 13:22:42.934544: | cmd( 320):='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_: Aug 26 13:22:42.934546: | cmd( 400):MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLU: Aug 26 13:22:42.934548: | cmd( 480):TO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 13:22:42.934549: | cmd( 560):U=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.: Aug 26 13:22:42.934551: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUT: Aug 26 13:22:42.934553: | cmd( 720):O_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:22:42.934554: | cmd( 800): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Aug 26 13:22:42.934556: | cmd( 880):IG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Aug 26 13:22:42.934557: | cmd( 960):KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS: Aug 26 13:22:42.934559: | cmd(1040):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU: Aug 26 13:22:42.934561: | cmd(1120):TO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_: Aug 26 13:22:42.934562: | cmd(1200):ROUTING='no' VTI_SHARED='no' SPI_IN=0x4876b3d SPI_OUT=0xeff6eab1 ipsec _updown 2: Aug 26 13:22:42.934564: | cmd(1280):>&1: Aug 26 13:22:42.941430: | running updown command "ipsec _updown" for verb route Aug 26 13:22:42.941446: | command executing route-client Aug 26 13:22:42.941487: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x509-ipv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF Aug 26 13:22:42.941491: | popen cmd is 1281 chars long Aug 26 13:22:42.941494: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='rw-east-pool-x50: Aug 26 13:22:42.941497: | cmd( 80):9-ipv4' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23: Aug 26 13:22:42.941499: | cmd( 160):' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Aug 26 13:22:42.941502: | cmd( 240):east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=': Aug 26 13:22:42.941505: | cmd( 320):0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY: Aug 26 13:22:42.941507: | cmd( 400):_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO: Aug 26 13:22:42.941510: | cmd( 480):_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 13:22:42.941513: | cmd( 560):Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.or: Aug 26 13:22:42.941518: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_: Aug 26 13:22:42.941521: | cmd( 720):PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 13:22:42.941524: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 13:22:42.941526: | cmd( 880):+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Aug 26 13:22:42.941529: | cmd( 960):ND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Aug 26 13:22:42.941532: | cmd(1040):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Aug 26 13:22:42.941534: | cmd(1120):_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Aug 26 13:22:42.941537: | cmd(1200):UTING='no' VTI_SHARED='no' SPI_IN=0x4876b3d SPI_OUT=0xeff6eab1 ipsec _updown 2>&: Aug 26 13:22:42.941539: | cmd(1280):1: Aug 26 13:22:42.960498: | route_and_eroute: instance "rw-east-pool-x509-ipv4"[1] 192.1.3.209, setting eroute_owner {spd=0x559d8e10fc48,sr=0x559d8e10fc48} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:22:42.960577: | #1 spent 1.79 milliseconds in install_ipsec_sa() Aug 26 13:22:42.960587: | ISAKMP_v2_IKE_AUTH: instance rw-east-pool-x509-ipv4[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:22:42.960593: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.960598: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Aug 26 13:22:42.960617: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Aug 26 13:22:42.960620: | emitting length of IKEv2 Encryption Payload: 1977 Aug 26 13:22:42.960624: | emitting length of ISAKMP Message: 2005 Aug 26 13:22:42.960633: | **parse ISAKMP Message: Aug 26 13:22:42.960637: | initiator cookie: Aug 26 13:22:42.960640: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.960642: | responder cookie: Aug 26 13:22:42.960645: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.960648: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Aug 26 13:22:42.960651: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.960654: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.960658: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.960661: | Message ID: 1 (0x1) Aug 26 13:22:42.960664: | length: 2005 (0x7d5) Aug 26 13:22:42.960667: | **parse IKEv2 Encryption Payload: Aug 26 13:22:42.960670: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:22:42.960673: | flags: none (0x0) Aug 26 13:22:42.960675: | length: 1977 (0x7b9) Aug 26 13:22:42.960678: | **emit ISAKMP Message: Aug 26 13:22:42.960681: | initiator cookie: Aug 26 13:22:42.960684: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.960687: | responder cookie: Aug 26 13:22:42.960689: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.960692: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.960695: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.960698: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.960702: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.960704: | Message ID: 1 (0x1) Aug 26 13:22:42.960708: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.960712: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:22:42.960715: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Aug 26 13:22:42.960717: | flags: none (0x0) Aug 26 13:22:42.960720: | fragment number: 1 (0x1) Aug 26 13:22:42.960723: | total fragments: 5 (0x5) Aug 26 13:22:42.960726: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Aug 26 13:22:42.960730: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.960734: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:22:42.960742: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:22:42.960758: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:22:42.960762: | cleartext fragment 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Aug 26 13:22:42.960764: | cleartext fragment 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Aug 26 13:22:42.960765: | cleartext fragment 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:22:42.960767: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:22:42.960768: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:22:42.960770: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:22:42.960771: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 13:22:42.960773: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 13:22:42.960774: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 13:22:42.960776: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 13:22:42.960778: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 13:22:42.960779: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Aug 26 13:22:42.960781: | cleartext fragment 00 04 f1 04 30 82 04 e8 30 82 04 51 a0 03 02 01 Aug 26 13:22:42.960782: | cleartext fragment 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Aug 26 13:22:42.960784: | cleartext fragment 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Aug 26 13:22:42.960785: | cleartext fragment 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Aug 26 13:22:42.960787: | cleartext fragment 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Aug 26 13:22:42.960788: | cleartext fragment 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Aug 26 13:22:42.960790: | cleartext fragment 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Aug 26 13:22:42.960791: | cleartext fragment 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Aug 26 13:22:42.960793: | cleartext fragment 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Aug 26 13:22:42.960794: | cleartext fragment 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Aug 26 13:22:42.960796: | cleartext fragment 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Aug 26 13:22:42.960797: | cleartext fragment 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Aug 26 13:22:42.960799: | cleartext fragment 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Aug 26 13:22:42.960800: | cleartext fragment 72 67 30 22 18 0f 32 30 31 39 30 38 32 34 30 39 Aug 26 13:22:42.960802: | cleartext fragment 30 37 35 33 5a 18 0f 32 30 32 32 30 38 32 33 30 Aug 26 13:22:42.960803: | cleartext fragment 39 30 37 35 33 5a 30 81 b4 31 0b 30 09 06 03 55 Aug 26 13:22:42.960805: | cleartext fragment 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Aug 26 13:22:42.960807: | cleartext fragment 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Aug 26 13:22:42.960808: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.960810: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:22:42.960812: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:22:42.960814: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:22:42.960816: | emitting length of ISAKMP Message: 539 Aug 26 13:22:42.960840: | **emit ISAKMP Message: Aug 26 13:22:42.960842: | initiator cookie: Aug 26 13:22:42.960844: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.960845: | responder cookie: Aug 26 13:22:42.960847: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.960848: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.960850: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.960852: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.960853: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.960856: | Message ID: 1 (0x1) Aug 26 13:22:42.960858: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.960860: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:22:42.960861: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.960863: | flags: none (0x0) Aug 26 13:22:42.960864: | fragment number: 2 (0x2) Aug 26 13:22:42.960866: | total fragments: 5 (0x5) Aug 26 13:22:42.960868: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:22:42.960870: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.960871: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:22:42.960873: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:22:42.960876: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:22:42.960877: | cleartext fragment 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Aug 26 13:22:42.960879: | cleartext fragment 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Aug 26 13:22:42.960881: | cleartext fragment 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Aug 26 13:22:42.960882: | cleartext fragment 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Aug 26 13:22:42.960884: | cleartext fragment 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Aug 26 13:22:42.960885: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Aug 26 13:22:42.960887: | cleartext fragment 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Aug 26 13:22:42.960888: | cleartext fragment 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Aug 26 13:22:42.960890: | cleartext fragment 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Aug 26 13:22:42.960891: | cleartext fragment 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Aug 26 13:22:42.960893: | cleartext fragment 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Aug 26 13:22:42.960894: | cleartext fragment b1 1e 7c b3 bf 11 96 94 23 ca 97 5e c7 66 36 55 Aug 26 13:22:42.960896: | cleartext fragment 71 49 95 8d 0c 2a 5c 30 4d 58 29 a3 7b 4d 3b 3f Aug 26 13:22:42.960897: | cleartext fragment 03 06 46 a6 04 63 71 0d e1 59 4f 9c ec 3a 17 24 Aug 26 13:22:42.960899: | cleartext fragment 8d 91 6a a8 e2 da 57 41 de f4 ff 65 bf f6 11 34 Aug 26 13:22:42.960900: | cleartext fragment d3 7d 5a 7f 6e 3a 3b 74 3c 51 2b e4 bf ce 6b b2 Aug 26 13:22:42.960902: | cleartext fragment 14 47 26 52 f5 57 28 bc c5 fb f9 bc 2d 4e b9 f8 Aug 26 13:22:42.960904: | cleartext fragment 46 54 c7 95 41 a7 a4 b4 d3 b3 fe 55 4b df f5 c3 Aug 26 13:22:42.960905: | cleartext fragment 78 39 8b 4e 04 57 c0 1d 5b 17 3c 28 eb 40 9d 1d Aug 26 13:22:42.960907: | cleartext fragment 7c b3 bb 0f f0 63 c7 c0 84 b0 4e e4 a9 7c c5 4b Aug 26 13:22:42.960908: | cleartext fragment 08 43 a6 2d 00 22 fd 98 d4 03 d0 ad 97 85 d1 48 Aug 26 13:22:42.960910: | cleartext fragment 15 d3 e4 e5 2d 46 7c ab 41 97 05 27 61 77 3d b6 Aug 26 13:22:42.960911: | cleartext fragment b1 58 a0 5f e0 8d 26 84 9b 03 20 ce 5e 27 7f 7d Aug 26 13:22:42.960913: | cleartext fragment 14 03 b6 9d 6b 9f fd 0c d4 c7 2d eb be ea 62 87 Aug 26 13:22:42.960914: | cleartext fragment fa 99 e0 a6 1c 85 4f 34 da 93 2e 5f db 03 10 58 Aug 26 13:22:42.960916: | cleartext fragment a8 c4 99 17 2d b1 bc e5 7b bd af 0e 28 aa a5 74 Aug 26 13:22:42.960917: | cleartext fragment ea 69 74 5e fa 2c c3 00 3c 2f 58 d0 20 cf e3 46 Aug 26 13:22:42.960919: | cleartext fragment 8d de aa f9 f7 30 5c 16 05 04 89 4c 92 9b 8a 33 Aug 26 13:22:42.960920: | cleartext fragment 11 70 83 17 58 24 2a 4b ab be b6 ec 84 9c 78 9c Aug 26 13:22:42.960922: | cleartext fragment 11 04 2a 02 ce 27 83 a1 1f 2b 38 3f 27 7d Aug 26 13:22:42.960923: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.960926: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:22:42.960928: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:22:42.960930: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:22:42.960931: | emitting length of ISAKMP Message: 539 Aug 26 13:22:42.960935: | **emit ISAKMP Message: Aug 26 13:22:42.960937: | initiator cookie: Aug 26 13:22:42.960938: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.960940: | responder cookie: Aug 26 13:22:42.960941: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.960943: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.960945: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.960946: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.960948: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.960949: | Message ID: 1 (0x1) Aug 26 13:22:42.960951: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.960953: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:22:42.960954: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.960956: | flags: none (0x0) Aug 26 13:22:42.960957: | fragment number: 3 (0x3) Aug 26 13:22:42.960959: | total fragments: 5 (0x5) Aug 26 13:22:42.960961: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:22:42.960962: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.960964: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:22:42.960966: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:22:42.960968: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:22:42.960970: | cleartext fragment 46 94 63 ff 64 59 4e 6c 87 ca 3e e6 31 df 1e 7d Aug 26 13:22:42.960971: | cleartext fragment 48 88 02 c7 9d fa 4a d7 f2 5b a5 fd 7f 1b c6 dc Aug 26 13:22:42.960973: | cleartext fragment 1a bb a6 c4 f8 32 cd bf a7 0b 71 8b 2b 31 41 17 Aug 26 13:22:42.960974: | cleartext fragment 25 a4 18 52 7d 32 fc 0f 5f b8 bb ca e1 94 1a 42 Aug 26 13:22:42.960976: | cleartext fragment 4d 1f 37 16 67 84 ae b4 32 42 9c 5a 91 71 62 b4 Aug 26 13:22:42.960977: | cleartext fragment 4b 07 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Aug 26 13:22:42.960979: | cleartext fragment 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Aug 26 13:22:42.960980: | cleartext fragment 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Aug 26 13:22:42.960982: | cleartext fragment 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Aug 26 13:22:42.960984: | cleartext fragment 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Aug 26 13:22:42.960985: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Aug 26 13:22:42.960987: | cleartext fragment 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Aug 26 13:22:42.960988: | cleartext fragment 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Aug 26 13:22:42.960990: | cleartext fragment 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Aug 26 13:22:42.960991: | cleartext fragment 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Aug 26 13:22:42.960993: | cleartext fragment 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Aug 26 13:22:42.960994: | cleartext fragment 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 13:22:42.960996: | cleartext fragment 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Aug 26 13:22:42.960997: | cleartext fragment 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Aug 26 13:22:42.960999: | cleartext fragment 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 13:22:42.961000: | cleartext fragment 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 13:22:42.961002: | cleartext fragment 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Aug 26 13:22:42.961004: | cleartext fragment 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Aug 26 13:22:42.961006: | cleartext fragment 03 81 81 00 3a 56 a3 7d b1 4e 62 2f 82 0d e3 fe Aug 26 13:22:42.961008: | cleartext fragment 74 40 ef cb eb 93 ea ad e4 74 8b 80 6f ae 8b 65 Aug 26 13:22:42.961009: | cleartext fragment 87 12 a6 24 0d 21 9c 5f 70 5c 6f d9 66 8d 98 8b Aug 26 13:22:42.961011: | cleartext fragment ea 59 f8 96 52 6a 6c 86 d6 7d ba 37 a9 8c 33 8c Aug 26 13:22:42.961012: | cleartext fragment 77 18 23 0b 1b 2a 66 47 e7 95 94 e6 75 84 30 d4 Aug 26 13:22:42.961014: | cleartext fragment db b8 23 eb 89 82 a9 fd ed 46 8b ce 46 7f f9 19 Aug 26 13:22:42.961015: | cleartext fragment 8f 49 da 29 2e 1e 97 cd 12 42 86 c7 57 fc Aug 26 13:22:42.961017: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.961019: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:22:42.961020: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:22:42.961022: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:22:42.961023: | emitting length of ISAKMP Message: 539 Aug 26 13:22:42.961028: | **emit ISAKMP Message: Aug 26 13:22:42.961030: | initiator cookie: Aug 26 13:22:42.961031: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.961033: | responder cookie: Aug 26 13:22:42.961034: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961036: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.961037: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.961039: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.961040: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.961042: | Message ID: 1 (0x1) Aug 26 13:22:42.961044: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.961045: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:22:42.961047: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.961048: | flags: none (0x0) Aug 26 13:22:42.961050: | fragment number: 4 (0x4) Aug 26 13:22:42.961051: | total fragments: 5 (0x5) Aug 26 13:22:42.961053: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:22:42.961055: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.961057: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:22:42.961059: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:22:42.961064: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:22:42.961066: | cleartext fragment 4f 0a 19 26 8a a1 0d 26 81 4d 53 f4 5c 92 a1 03 Aug 26 13:22:42.961067: | cleartext fragment 03 8d 6c 51 33 cc 2f 00 01 88 01 00 00 00 76 f6 Aug 26 13:22:42.961069: | cleartext fragment 5b c0 e0 2d c1 85 92 e1 89 e3 81 c1 8c a9 b3 a8 Aug 26 13:22:42.961071: | cleartext fragment 72 07 6a 45 8b ed 80 ed ca 9e b2 81 c6 fc 50 a0 Aug 26 13:22:42.961072: | cleartext fragment 48 b4 af 99 c5 ab 0e 00 37 96 77 d5 20 fe 72 b0 Aug 26 13:22:42.961074: | cleartext fragment c3 e7 a2 cc 3d ad 45 cb b1 7b ef c6 71 3f 21 ef Aug 26 13:22:42.961075: | cleartext fragment 86 13 42 84 bc 56 a5 66 c6 a1 88 dc c2 87 db d4 Aug 26 13:22:42.961077: | cleartext fragment 98 21 ff d6 09 0d 17 8f 31 f1 9f e8 fc 1a 92 4f Aug 26 13:22:42.961078: | cleartext fragment 50 5b 21 89 ff 07 28 9a ef 36 9d d2 d6 82 6c 53 Aug 26 13:22:42.961080: | cleartext fragment 47 39 93 7b f7 89 82 ff 4b 47 51 6f 0c 39 34 f5 Aug 26 13:22:42.961081: | cleartext fragment ec 98 06 d5 bb d4 89 47 71 02 2a bf a4 97 2c 6a Aug 26 13:22:42.961083: | cleartext fragment 6f c2 ec 80 3e e3 bf 3b 27 d5 fd 3c 44 02 70 3b Aug 26 13:22:42.961084: | cleartext fragment 71 40 ab f5 9c 76 e1 41 3c fb c2 90 0d a9 13 8b Aug 26 13:22:42.961087: | cleartext fragment 02 30 5c 6c 17 69 d9 72 01 b9 40 0e f6 04 23 14 Aug 26 13:22:42.961088: | cleartext fragment af 53 7a 72 b6 7b fc 85 b0 12 54 5d fc fc 74 02 Aug 26 13:22:42.961090: | cleartext fragment c4 6d c9 aa fe 27 b1 9c 38 08 8f 0e 26 ac ab a3 Aug 26 13:22:42.961091: | cleartext fragment f6 2e 45 45 83 bb 8d 09 99 2d e6 85 47 1b 91 14 Aug 26 13:22:42.961093: | cleartext fragment 75 e9 47 e2 36 7d f1 c8 d4 d5 56 87 e0 ce c7 35 Aug 26 13:22:42.961095: | cleartext fragment 51 1a 09 5c c4 de 77 0d ff 47 ad 2a 05 f3 dc fc Aug 26 13:22:42.961096: | cleartext fragment 4b 1c b6 67 69 dd 24 3c 71 e4 10 de 38 33 9b 61 Aug 26 13:22:42.961098: | cleartext fragment 63 27 b4 b1 98 20 fc 21 fa 67 6d 63 d8 3b 52 0c Aug 26 13:22:42.961099: | cleartext fragment 57 57 26 24 19 e3 47 88 41 ef 19 66 79 f7 2d 8f Aug 26 13:22:42.961101: | cleartext fragment 8a 31 96 69 33 fb fa 82 28 67 c5 72 1d 25 aa f9 Aug 26 13:22:42.961102: | cleartext fragment d9 70 2c 2b 3f 86 f5 44 88 1a d0 79 e3 63 58 43 Aug 26 13:22:42.961104: | cleartext fragment 66 69 c2 b5 f4 66 2f ab 76 55 83 76 e7 3d 0c 01 Aug 26 13:22:42.961105: | cleartext fragment e1 4c e5 85 33 fc af 85 2e 99 2c b0 6c b4 21 00 Aug 26 13:22:42.961107: | cleartext fragment 00 10 02 00 00 00 00 01 00 04 c0 00 02 64 2c 00 Aug 26 13:22:42.961108: | cleartext fragment 00 24 00 00 00 20 01 03 04 02 ef f6 ea b1 03 00 Aug 26 13:22:42.961110: | cleartext fragment 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Aug 26 13:22:42.961111: | cleartext fragment 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 Aug 26 13:22:42.961113: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.961115: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:22:42.961117: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:22:42.961118: | emitting length of IKEv2 Encrypted Fragment: 511 Aug 26 13:22:42.961120: | emitting length of ISAKMP Message: 539 Aug 26 13:22:42.961125: | **emit ISAKMP Message: Aug 26 13:22:42.961127: | initiator cookie: Aug 26 13:22:42.961128: | f7 f5 17 0e ae bd 93 18 Aug 26 13:22:42.961130: | responder cookie: Aug 26 13:22:42.961131: | 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961133: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:42.961134: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Aug 26 13:22:42.961136: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Aug 26 13:22:42.961137: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Aug 26 13:22:42.961139: | Message ID: 1 (0x1) Aug 26 13:22:42.961141: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:42.961142: | ***emit IKEv2 Encrypted Fragment: Aug 26 13:22:42.961144: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Aug 26 13:22:42.961145: | flags: none (0x0) Aug 26 13:22:42.961147: | fragment number: 5 (0x5) Aug 26 13:22:42.961148: | total fragments: 5 (0x5) Aug 26 13:22:42.961150: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Aug 26 13:22:42.961152: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Aug 26 13:22:42.961154: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Aug 26 13:22:42.961156: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Aug 26 13:22:42.961158: | emitting 36 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Aug 26 13:22:42.961159: | cleartext fragment 00 00 ff ff c0 00 02 64 c0 00 02 64 00 00 00 18 Aug 26 13:22:42.961161: | cleartext fragment 01 00 00 00 07 00 00 10 00 00 ff ff 00 00 00 00 Aug 26 13:22:42.961162: | cleartext fragment ff ff ff ff Aug 26 13:22:42.961164: | adding 1 bytes of padding (including 1 byte padding-length) Aug 26 13:22:42.961166: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Aug 26 13:22:42.961168: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Aug 26 13:22:42.961170: | emitting length of IKEv2 Encrypted Fragment: 69 Aug 26 13:22:42.961172: | emitting length of ISAKMP Message: 97 Aug 26 13:22:42.961177: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Aug 26 13:22:42.961182: | #1 spent 14.3 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Aug 26 13:22:42.961189: | suspend processing: state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:22:42.961193: | start processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v2_state_transition() at ikev2.c:3379) Aug 26 13:22:42.961196: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Aug 26 13:22:42.961198: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Aug 26 13:22:42.961201: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Aug 26 13:22:42.961203: | Message ID: updating counters for #2 to 1 after switching state Aug 26 13:22:42.961207: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Aug 26 13:22:42.961210: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Aug 26 13:22:42.961212: | pstats #2 ikev2.child established Aug 26 13:22:42.961218: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [192.0.2.100-192.0.2.100:0-65535 0] Aug 26 13:22:42.961221: | NAT-T: encaps is 'auto' Aug 26 13:22:42.961224: "rw-east-pool-x509-ipv4"[1] 192.1.3.209 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x04876b3d <0xeff6eab1 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=active} Aug 26 13:22:42.961228: | sending V2 new request packet to 192.1.3.209:500 (from 192.1.2.23:500) Aug 26 13:22:42.961229: | sending fragments ... Aug 26 13:22:42.961235: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.961236: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961238: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Aug 26 13:22:42.961239: | 00 01 00 05 5d db 89 8b e1 99 56 b7 56 1c c1 0a Aug 26 13:22:42.961241: | 1b cb 63 1c a9 d1 c6 7e 8b 2f ce 05 6d b2 5d ba Aug 26 13:22:42.961242: | 8f 77 6e 8b 36 64 d4 e4 a4 c5 ba 6d 6e b7 78 29 Aug 26 13:22:42.961244: | 8f a7 6e 10 9f 9d f5 7f 5d 99 03 ba fe 2d b6 1a Aug 26 13:22:42.961245: | b7 59 09 3e 4a 57 a2 bc 9a 07 57 d0 5a de 72 51 Aug 26 13:22:42.961247: | 5d 82 bc bb 7f 5e 98 ea 9a 7e 2b d0 e2 86 ac 03 Aug 26 13:22:42.961248: | b2 e6 52 62 d6 31 67 e6 92 8e 0a cc 91 72 d9 46 Aug 26 13:22:42.961250: | f6 5d 54 6b 41 3b d6 3f 6b 44 55 f4 2e ab 0e 90 Aug 26 13:22:42.961251: | 51 5a 5b aa 88 9b 77 80 f5 a7 72 e9 3a b6 8c 34 Aug 26 13:22:42.961253: | 9d 10 d3 53 f9 a7 b9 15 f1 b1 da 9a 50 40 cc 19 Aug 26 13:22:42.961254: | 02 eb ab eb 5e 7a a9 cd d5 e1 df 29 c0 ce ac c6 Aug 26 13:22:42.961256: | c6 d1 ce 1f 9f 9e a4 a6 88 b9 b4 6a bb 49 fd 75 Aug 26 13:22:42.961257: | 2e 24 8d 3e b1 1a c0 1e 07 2b 74 fb 35 23 01 f5 Aug 26 13:22:42.961259: | 2d f1 fe 40 c3 c8 50 bb 6c 85 7e 6f 54 8d 44 99 Aug 26 13:22:42.961260: | f1 16 f4 d3 ef 54 c2 b6 b0 4e 77 40 aa fb 85 83 Aug 26 13:22:42.961262: | 15 12 8e fb 48 a6 9f 8f eb bc 92 7a 66 e7 96 22 Aug 26 13:22:42.961263: | f7 22 86 2a 6e 47 4d e3 fa a0 41 25 03 9b 72 75 Aug 26 13:22:42.961264: | f8 a5 69 88 f2 9f ec be ce fb 4c 67 bb 12 4a ef Aug 26 13:22:42.961266: | e3 4d d2 c9 3d 04 08 21 2a c0 0c 53 8b a9 12 57 Aug 26 13:22:42.961268: | d0 73 be bc bd da 23 de 8c 50 d3 33 79 98 3d c4 Aug 26 13:22:42.961270: | a8 63 dd 1b 1a 18 8e 5d 24 14 a8 e7 53 c4 12 3d Aug 26 13:22:42.961272: | b4 2c 05 5a ae dc 82 51 4b c2 84 a3 b0 dd c0 be Aug 26 13:22:42.961273: | c9 ed 75 22 4a 8e bb 56 69 e4 db 00 8a d3 68 fe Aug 26 13:22:42.961274: | 3a 10 f6 d3 60 03 41 0a 51 2c a5 04 98 e4 19 25 Aug 26 13:22:42.961276: | 3e a7 97 36 e1 8c 51 9f d8 94 19 6f 41 22 07 f6 Aug 26 13:22:42.961277: | de 7c 95 b7 bf 7a 53 d3 7e 37 b6 72 5e 4d af 65 Aug 26 13:22:42.961279: | dc cd 4c dd 23 76 af 4b 92 fb c6 08 8a c9 94 ff Aug 26 13:22:42.961280: | 15 64 cc 2b e4 60 9e a5 bf 2b 95 c7 aa af 2e 90 Aug 26 13:22:42.961282: | 31 b3 d7 67 42 84 4a d7 1a 24 87 dd c3 aa d8 9b Aug 26 13:22:42.961283: | d5 6e c5 9a 3f fd c6 c0 ec df 48 50 5d fe 8b cb Aug 26 13:22:42.961285: | 69 4f 8d 49 22 58 4c 26 29 6a e0 3e 28 2b 3c d6 Aug 26 13:22:42.961286: | f1 9a 13 de d8 ad 4a bc aa cf 4a Aug 26 13:22:42.961361: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.961366: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961368: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.961369: | 00 02 00 05 37 eb ad e9 e6 94 d7 06 f3 4d f8 5b Aug 26 13:22:42.961371: | 5c bd c8 0a a6 f4 a2 86 b5 f5 f4 e5 f2 19 3b 88 Aug 26 13:22:42.961372: | 5d e3 b7 31 8e 86 e1 9e 2a 7b 38 d0 5d 21 96 c6 Aug 26 13:22:42.961374: | 17 69 b8 b6 fe 13 9d ae 60 fe 34 82 66 6f 4d 80 Aug 26 13:22:42.961375: | c6 8b 2e 9d 2a 40 aa 1f 90 51 9f 6e ac c5 20 e1 Aug 26 13:22:42.961377: | 9f bd 2f 33 83 bc 1f 3c 25 fc 4a f9 14 0f 58 37 Aug 26 13:22:42.961378: | 43 f2 ad b0 bf c8 03 3e be 2a 60 d3 7a c9 82 27 Aug 26 13:22:42.961380: | b5 ed ca 30 e6 42 31 13 d8 3d c2 9e 81 dc 41 ec Aug 26 13:22:42.961381: | 5b 51 d7 41 f2 fc d8 48 ab a3 ef 22 74 9f da 41 Aug 26 13:22:42.961383: | 23 1e 3f fc 9f 8a d2 24 2b 1f 3c 3c 2e 8f 78 3b Aug 26 13:22:42.961384: | 39 bf 13 0f cb aa 8e b4 02 df 10 9a d8 01 f5 64 Aug 26 13:22:42.961386: | 41 3b 65 cf 4e 8c af c6 fc 7c d7 f7 db f3 49 5b Aug 26 13:22:42.961387: | 19 4d a1 ed f7 6f aa 76 76 80 c9 96 d0 e6 27 99 Aug 26 13:22:42.961388: | b5 f0 9c e2 01 86 cd 06 60 5c ff 3c 1c 63 86 9a Aug 26 13:22:42.961390: | 31 fb 00 d9 f4 33 91 08 90 51 14 c0 f1 64 ff 10 Aug 26 13:22:42.961391: | c8 bd 41 03 ac f1 fb 99 31 5c ad 79 8a 75 bc 05 Aug 26 13:22:42.961393: | 8f ed 35 d2 85 bf 4b c5 ae f1 4c 4b 63 ad 59 67 Aug 26 13:22:42.961394: | 2e fb a4 53 c4 d3 f0 56 ba d1 8c 96 eb 0e b8 1a Aug 26 13:22:42.961396: | 57 59 0e c1 5d fa d0 49 e5 7a 3a c6 b0 75 d4 9d Aug 26 13:22:42.961397: | 74 75 29 e9 ec 69 d2 86 4f 95 43 10 7b c9 ac 7d Aug 26 13:22:42.961399: | 92 3c 67 13 2e 82 15 44 f0 bb 78 cc ec 2c 15 60 Aug 26 13:22:42.961400: | 2c c0 32 10 ce a5 68 1f 75 16 7d ab 8f 60 71 bc Aug 26 13:22:42.961402: | 32 ae ff 84 6d b8 44 20 f6 55 9a ca cd 13 aa b6 Aug 26 13:22:42.961403: | 9c ef 82 b0 fd 8f ea 70 b8 b3 b9 af ff 9b f0 a0 Aug 26 13:22:42.961405: | a3 ae 4e eb 49 b9 af 89 20 c1 52 6f f7 eb aa 3a Aug 26 13:22:42.961406: | 46 d2 f2 bb b1 be f0 1d 87 9d 80 28 8e 70 8c e8 Aug 26 13:22:42.961408: | 32 b7 80 ed 34 93 59 5b cb b6 50 b6 76 6a b4 2e Aug 26 13:22:42.961409: | 72 60 b4 e8 9f 71 a4 9e c1 23 e9 a2 5a c4 b3 9e Aug 26 13:22:42.961411: | 84 4f f5 42 19 b4 8c f8 02 6b e8 c8 e1 66 a3 77 Aug 26 13:22:42.961412: | 4f b9 0d 0f 25 fd 1e e2 f3 f4 6f 6d b7 20 ed ca Aug 26 13:22:42.961414: | 3a ce 91 ad 62 7d d7 2e 31 52 57 f6 fe f5 8b 27 Aug 26 13:22:42.961415: | 5a 98 1c 40 a7 6e 93 be aa e0 c6 Aug 26 13:22:42.961426: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.961428: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961430: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.961433: | 00 03 00 05 1a 0f 6b d8 d6 8a ea 58 e1 25 6b fa Aug 26 13:22:42.961434: | 99 8c ec 02 a4 ac ba ed aa 01 e6 59 35 2f 56 26 Aug 26 13:22:42.961436: | 68 4a 01 b5 3d b3 4b 96 2b 42 5f 5b 84 e9 7a 75 Aug 26 13:22:42.961437: | ae a1 d7 07 c0 bd 34 9d e8 78 58 ba 81 cb cc 24 Aug 26 13:22:42.961439: | 61 75 b2 2e 44 f1 ff 2c 13 4b 26 33 57 11 4a a9 Aug 26 13:22:42.961440: | e4 cb a8 78 81 d0 d4 5d 6d fd 49 f6 8b 1d 6c 90 Aug 26 13:22:42.961442: | 1d dd 03 32 c9 b6 fe 8f 4e 2f dc a2 de e4 84 b0 Aug 26 13:22:42.961443: | c9 8e c9 d8 9d f4 91 86 41 27 44 c9 9c ea b3 09 Aug 26 13:22:42.961445: | d4 3a 8b 78 e5 10 73 83 4f e0 e7 df e4 eb 1a 4d Aug 26 13:22:42.961446: | a8 12 24 93 59 e9 ca 5a c2 64 09 20 a3 f5 d4 c0 Aug 26 13:22:42.961448: | 2c 0c 79 7a 77 40 90 5e 1d de 0f 8d 4f 66 d3 9c Aug 26 13:22:42.961449: | d4 d1 5e f0 14 58 a7 85 d8 7e cc cd 01 0d e4 66 Aug 26 13:22:42.961451: | 9c 80 64 82 fa 21 fa 55 2a d0 fe 77 ce 63 54 df Aug 26 13:22:42.961452: | 7c f7 1c e7 1e 3d 12 07 cc e5 86 ce 52 2e 9d 0f Aug 26 13:22:42.961453: | 52 55 79 e3 81 92 7e 24 b5 c5 7b a1 15 d1 7c 2c Aug 26 13:22:42.961455: | 41 34 42 d5 ae cb b9 16 9d 65 54 0c 2c 4c 4f 9c Aug 26 13:22:42.961456: | 0e 01 80 25 b9 ca 69 8e 56 77 c0 a8 83 32 f0 82 Aug 26 13:22:42.961458: | b6 77 48 54 c5 ec b5 5d e7 3a 8e 64 7a b9 92 4d Aug 26 13:22:42.961459: | a7 af 8e 13 54 14 79 27 ea a3 36 fb 8e e6 95 e2 Aug 26 13:22:42.961461: | 7b dd 8c dc e7 08 61 31 00 52 10 7a 8b 45 99 ae Aug 26 13:22:42.961462: | f4 6d 21 97 c8 09 54 b1 f3 02 bf b2 94 52 52 e6 Aug 26 13:22:42.961464: | 84 b3 d5 3f ed d7 da 0f e4 04 f3 42 7e 1b 55 b6 Aug 26 13:22:42.961465: | 09 14 78 b4 35 87 5e c0 16 3a e6 e0 c4 8f 17 ba Aug 26 13:22:42.961467: | e5 ed 8b ab 5d 4e 31 d0 a0 2c 9f d2 a9 c7 c5 32 Aug 26 13:22:42.961468: | 44 65 9b b3 2d 1b 65 ba cb 52 58 5b 81 f0 f9 0b Aug 26 13:22:42.961470: | f1 47 a6 b8 63 aa 7f 8c 66 b0 b4 ae db fd 86 78 Aug 26 13:22:42.961471: | 02 e0 d6 66 3a 9e 77 fa d6 a1 6c 7a c5 a6 b4 3d Aug 26 13:22:42.961473: | 8d 9c ab 76 e9 20 50 83 7f b1 16 13 e0 d0 6c 3d Aug 26 13:22:42.961474: | 71 98 54 0a 0c 86 12 c9 b5 79 46 95 dc 78 cb 8e Aug 26 13:22:42.961476: | 9f 4e 25 b3 e8 4b 48 c7 9d aa 3b 05 a6 d4 6d d0 Aug 26 13:22:42.961477: | cf cc 61 6d c5 79 a1 f5 82 d2 ee 60 24 53 f7 18 Aug 26 13:22:42.961479: | 40 b3 7f 88 e3 b3 05 24 f6 0b e2 Aug 26 13:22:42.961487: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.961489: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961491: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Aug 26 13:22:42.961492: | 00 04 00 05 b8 c0 cb 4e 50 e4 ba 0e f1 f4 d5 a4 Aug 26 13:22:42.961494: | 5d 4a 0d c6 34 2c ff af 47 ad 70 cf c8 8a 06 97 Aug 26 13:22:42.961495: | 6b da 7d ce b6 fa 02 47 c7 54 e5 36 02 38 c1 f7 Aug 26 13:22:42.961497: | b6 1e 62 b7 a5 a0 32 d7 19 4a d6 5d ba db 07 be Aug 26 13:22:42.961498: | b2 ee 10 73 ba 5b 04 5d 48 12 da ad dd 97 1e 14 Aug 26 13:22:42.961500: | e3 b0 e1 5e 66 5a 41 72 34 5e 0c 21 ac 1b fa e1 Aug 26 13:22:42.961501: | 81 8d 35 c8 2f 26 81 a4 5d 9a 1d b5 e4 2a f4 4d Aug 26 13:22:42.961503: | ab 26 27 06 06 a8 06 41 76 2d 5f 30 b0 b2 51 3d Aug 26 13:22:42.961504: | 40 5d cb 48 d5 36 d2 71 b6 ec c3 78 5d eb 9f 81 Aug 26 13:22:42.961506: | 67 5e a7 7e 98 25 64 b3 16 70 72 eb e3 67 b5 0f Aug 26 13:22:42.961507: | 3f 18 02 a5 95 82 31 b8 38 38 1b 94 29 81 f6 47 Aug 26 13:22:42.961509: | b6 1d ad c0 a3 8f 63 09 a0 3e 56 3f 4c ca 90 4e Aug 26 13:22:42.961510: | 1a dc 64 8c 6f 56 a1 45 b1 bc 91 d2 db 40 d6 59 Aug 26 13:22:42.961512: | 3d a6 48 e9 d2 2f 1e ec fc 6f 93 9d ca 64 a6 20 Aug 26 13:22:42.961513: | be 48 87 78 89 68 f4 89 35 cd fe 7c 07 17 61 8b Aug 26 13:22:42.961515: | 67 b2 73 09 91 31 bc 78 95 34 15 09 49 8c 63 fe Aug 26 13:22:42.961516: | eb 29 29 88 37 e7 70 b8 5d bd 11 1e 52 e2 6b b1 Aug 26 13:22:42.961518: | f2 da 2d 2d 1c 08 38 00 77 e6 40 7a 4a 4f b2 7b Aug 26 13:22:42.961520: | 61 e6 2e 8d 11 4c e8 89 e8 9c 21 ba 5c d8 01 32 Aug 26 13:22:42.961522: | 7c 72 af aa 82 19 3c 9e e3 ee 97 65 e2 b1 9b 8f Aug 26 13:22:42.961523: | a1 09 10 40 c2 7a d4 13 ab d0 a7 1e 43 e0 fe 25 Aug 26 13:22:42.961524: | 36 2c 7c fc 2f bc 82 42 83 dc cc ea d2 b7 83 0d Aug 26 13:22:42.961526: | 8e 9d 7b 6a 35 d3 7b f4 a0 e3 7d 03 cd ed fe 10 Aug 26 13:22:42.961527: | 96 53 fc c1 4e f5 71 a4 f4 81 1a 8d 93 92 60 c9 Aug 26 13:22:42.961529: | 4d 90 b8 a3 9a 4e b3 66 17 f4 a9 ea 9d 4e 20 62 Aug 26 13:22:42.961530: | b4 03 d7 df 7f 7e 13 c4 8e ec 83 8d 48 4f fe 4d Aug 26 13:22:42.961532: | fa 88 fa ae 0b 68 26 11 11 33 f0 45 82 4e 4f 86 Aug 26 13:22:42.961533: | 7d b6 11 86 e2 cc 8d 4c 53 47 77 4c 9e 58 95 9c Aug 26 13:22:42.961535: | e0 c4 ce cf 9c 08 b9 ef 10 b0 08 0d fa 0c 4d 46 Aug 26 13:22:42.961536: | e0 e5 b6 12 14 4d 83 e8 98 00 1f da 5b fc fa 9e Aug 26 13:22:42.961538: | b6 2e 5a 89 02 f4 7e ca 62 9d 33 d5 3d b1 ca f5 Aug 26 13:22:42.961539: | b5 e5 68 66 27 c2 be b3 05 0a 64 Aug 26 13:22:42.961548: | sending 97 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) Aug 26 13:22:42.961550: | f7 f5 17 0e ae bd 93 18 82 dd e7 bb 11 8e b8 06 Aug 26 13:22:42.961551: | 35 20 23 20 00 00 00 01 00 00 00 61 00 00 00 45 Aug 26 13:22:42.961553: | 00 05 00 05 14 c0 eb 32 4e f2 34 69 b9 46 71 f4 Aug 26 13:22:42.961554: | d9 a4 a1 21 e5 ac 43 ce 21 f0 42 f8 53 0a 8d ae Aug 26 13:22:42.961556: | 9e 4f 0f 08 f6 dc 20 af 1d e5 57 6c fb 99 8e ab Aug 26 13:22:42.961557: | 0a 4e f5 a7 47 bc 40 a4 a1 33 e6 a2 1a ce 3a 2b Aug 26 13:22:42.961559: | 28 Aug 26 13:22:42.961565: | sent 5 fragments Aug 26 13:22:42.961568: | releasing whack for #2 (sock=fd@-1) Aug 26 13:22:42.961569: | releasing whack and unpending for parent #1 Aug 26 13:22:42.961572: | unpending state #1 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 Aug 26 13:22:42.961575: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Aug 26 13:22:42.961577: | event_schedule: new EVENT_SA_REKEY-pe@0x559d8e11a108 Aug 26 13:22:42.961580: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Aug 26 13:22:42.961583: | libevent_malloc: new ptr-libevent@0x559d8e12ee88 size 128 Aug 26 13:22:42.961589: | dpd enabled, scheduling ikev2 liveness checks Aug 26 13:22:42.961591: | event_schedule: new EVENT_v2_LIVENESS-pe@0x559d8e11e768 Aug 26 13:22:42.961593: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Aug 26 13:22:42.961595: | libevent_malloc: new ptr-libevent@0x559d8e10b748 size 128 Aug 26 13:22:42.961597: | libevent_realloc: release ptr-libevent@0x559d8e0a25a8 Aug 26 13:22:42.961600: | libevent_realloc: new ptr-libevent@0x559d8e10ae28 size 128 Aug 26 13:22:42.961607: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Aug 26 13:22:42.961612: | #1 spent 14.8 milliseconds in resume sending helper answer Aug 26 13:22:42.961616: | stop processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) Aug 26 13:22:42.961620: | libevent_free: release ptr-libevent@0x7f6f90000f48 Aug 26 13:22:42.961630: | processing signal PLUTO_SIGCHLD Aug 26 13:22:42.961634: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:42.961637: | spent 0.00366 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:42.961639: | processing signal PLUTO_SIGCHLD Aug 26 13:22:42.961641: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:42.961644: | spent 0.00236 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:42.961645: | processing signal PLUTO_SIGCHLD Aug 26 13:22:42.961647: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:42.961650: | spent 0.00234 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:45.918363: | timer_event_cb: processing event@0x559d8e11e768 Aug 26 13:22:45.918385: | handling event EVENT_v2_LIVENESS for child state #2 Aug 26 13:22:45.918398: | start processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:45.918406: | [RE]START processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in liveness_check() at timer.c:113) Aug 26 13:22:45.918416: | get_sa_info esp.eff6eab1@192.1.2.23 Aug 26 13:22:45.918432: | #2 liveness_check - peer 192.1.3.209 is ok schedule new Aug 26 13:22:45.918438: | event_schedule: new EVENT_v2_LIVENESS-pe@0x559d8e0a25a8 Aug 26 13:22:45.918443: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Aug 26 13:22:45.918447: | libevent_malloc: new ptr-libevent@0x7f6f90000f48 size 128 Aug 26 13:22:45.918452: | libevent_free: release ptr-libevent@0x559d8e10b748 Aug 26 13:22:45.918456: | free_event_entry: release EVENT_v2_LIVENESS-pe@0x559d8e11e768 Aug 26 13:22:45.918463: | #2 spent 0.102 milliseconds in timer_event_cb() EVENT_v2_LIVENESS Aug 26 13:22:45.918470: | stop processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:48.921421: | timer_event_cb: processing event@0x559d8e0a25a8 Aug 26 13:22:48.921436: | handling event EVENT_v2_LIVENESS for child state #2 Aug 26 13:22:48.921445: | start processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:48.921452: | [RE]START processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in liveness_check() at timer.c:113) Aug 26 13:22:48.921459: | get_sa_info esp.eff6eab1@192.1.2.23 Aug 26 13:22:48.921475: | #2 liveness_check - peer 192.1.3.209 is ok schedule new Aug 26 13:22:48.921479: | event_schedule: new EVENT_v2_LIVENESS-pe@0x559d8e11e768 Aug 26 13:22:48.921482: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Aug 26 13:22:48.921486: | libevent_malloc: new ptr-libevent@0x559d8e10b748 size 128 Aug 26 13:22:48.921490: | libevent_free: release ptr-libevent@0x7f6f90000f48 Aug 26 13:22:48.921493: | free_event_entry: release EVENT_v2_LIVENESS-pe@0x559d8e0a25a8 Aug 26 13:22:48.921499: | #2 spent 0.0789 milliseconds in timer_event_cb() EVENT_v2_LIVENESS Aug 26 13:22:48.921504: | stop processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:51.924310: | timer_event_cb: processing event@0x559d8e11e768 Aug 26 13:22:51.924328: | handling event EVENT_v2_LIVENESS for child state #2 Aug 26 13:22:51.924340: | start processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:51.924348: | [RE]START processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in liveness_check() at timer.c:113) Aug 26 13:22:51.924357: | get_sa_info esp.eff6eab1@192.1.2.23 Aug 26 13:22:51.924374: | #2 liveness_check - peer 192.1.3.209 is ok schedule new Aug 26 13:22:51.924379: | event_schedule: new EVENT_v2_LIVENESS-pe@0x559d8e0a25a8 Aug 26 13:22:51.924384: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Aug 26 13:22:51.924389: | libevent_malloc: new ptr-libevent@0x7f6f90000f48 size 128 Aug 26 13:22:51.924395: | libevent_free: release ptr-libevent@0x559d8e10b748 Aug 26 13:22:51.924399: | free_event_entry: release EVENT_v2_LIVENESS-pe@0x559d8e11e768 Aug 26 13:22:51.924407: | #2 spent 0.0974 milliseconds in timer_event_cb() EVENT_v2_LIVENESS Aug 26 13:22:51.924415: | stop processing: state #2 connection "rw-east-pool-x509-ipv4"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557)